CVE-2011-3149

Name of the Vulnerable Software and Affected Versions openSUSE pam versions (affected versions not specified) SUSE Linux Enterprise pam versions (affected versions not specified) Debian GNU/Linux pam versions (affected versions not specified) pam-devel versions (affected versions not specified) pam-doc versions (affected versions not specified) pam-32bit versions (affected versions not specified) pam-64bit versions (affected versions not specified) pam-devel-32bit versions (affected versions not specified) pam-devel-64bit versions (affected versions not specified) Linux-PAM versions prior to 1.1.5

Description The issue concerns multiple vulnerabilities in the pam package of various Linux operating systems, including openSUSE, SUSE Linux Enterprise, and Debian GNU/Linux. These vulnerabilities can be exploited locally, potentially leading to a violation of confidentiality, integrity, and availability of protected information. The expand arg function in the pam env module of Linux-PAM is also vulnerable to a denial of service (CPU consumption) due to improper handling of environment variable expansion overflows.

Recommendations For Linux-PAM versions prior to 1.1.5, update to version 1.1.5 or later to resolve the issue. For other affected versions, at the moment, there is no information about a newer version that contains a fix for this vulnerability.