CVE-2012-1502
Published: 2012-06-16
Priority P346 · high · CVSS 2.0: 7.5 · AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploit: EPSS 14.29% (percentile 96.2)
Double free vulnerability in the PyPAM_conv in PAMmodule.c in PyPam 0.5.0 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a NULL byte in a password string.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | python-pam | < python-pam 0.4.2-13 (bookworm) | python-pam 0.4.2-13 (bookworm) |
| pypam | pypam | <= 0.5.0 | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |
Ubuntu (vendor_ubuntu · 2012-03-08)
CVE-2012-1502: PyPAM vulnerability
Summary: PyPAM could be made to crash or possibly run programs if it processed a specially crafted password.
Markus Vervier discovered that PyPAM incorrectly handled passwords containing NULL bytes. An attacker could exploit this to cause applications using PyPAM to crash, or possibly execute arbitrary code.
Instructions: After a standard system update you need to restart applications that use PyPAM to make all the necessary changes.
Red Hat (vendor_redhat · 2012-03-08 · CVSS 7.5)
CVE-2012-1502 [HIGH]: PyPAM: Double free by processing passwords containing NULL-bytes
Statement: The Red Hat Security Response Team has rated this issue as having low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Package: PyPAM (Red Hat Enterprise Linux 6) - Will not fix
Debian (vendor_debian · 2012 · CVSS 7.5)
CVE-2012-1502 [HIGH]: python-pam
Scope: local
bookworm: resolved (fixed in 0.4.2-13)
bullseye: resolved (fixed in 0.4.2-13)
forky: resolved (fixed in 0.4.2-13)
sid: resolved (fixed in 0.4.2-13)
trixie: resolved (fixed in 0.4.2-13)
GHSA (ghsa_unreviewed · 2022-05-17)
GHSA-5vgc-qp88-vfrj [HIGH]: Double free vulnerability in the PyPAM_conv in PAMmodule
OSV (osv · 2012-06-16 · CVSS 7.5)
CVE-2012-1502 [HIGH]: Double free vulnerability in the PyPAM_conv in PAMmodule
No detection rules found.
References
- http://lists.opensuse.org/opensuse-updates/2012-04/msg00027.html
- http://secunia.com/advisories/48312
- http://secunia.com/advisories/48332
- http://secunia.com/advisories/48746
- http://ubuntu.com/usn/usn-1395-1
- http://www.debian.org/security/2012/dsa-2430
- http://www.lsexperts.de/advisories/lse-2012-03-01.txt
- http://www.osvdb.org/79892
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73857
- https://security.gentoo.org/glsa/201507-09