Ubuntu Update For Pam USN-1237-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1237-1

Solution

Please Install the Updated Packages.

Insight

Kees Cook discovered that the PAM pam_env module incorrectly handled certain malformed environment files. A local attacker could use this flaw to cause a denial of service, or possibly gain privileges. The default compiler options for affected releases should reduce the vulnerability to a denial of service. (CVE-2011-3148) Kees Cook discovered that the PAM pam_env module incorrectly handled variable expansion. A local attacker could use this flaw to cause a denial of service. (CVE-2011-3149) Stephane Chazelas discovered that the PAM pam_motd module incorrectly cleaned the environment during execution of the motd scripts. In certain environments, a local attacker could use this to execute arbitrary code as root, and gain privileges.

Affected

pam on Ubuntu 11.04 , Ubuntu 10.10 , Ubuntu 10.04 LTS , Ubuntu 8.04 LTS

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-October/001455.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-3148, CVE-2011-3149, CVE-2011-3628

CVSS	Base Score: 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Ubuntu Update for pam USN-1237-1

Take action and discover your vulnerabilities