CVE-2015-3238 — Sensitive Information Exposure in Linux-pam

CWE-200 — Sensitive Information Exposure CWE-833 — Deadlock CWE-203 — Observable Discrepancy12 documents7 sources

Severity

6.5MEDIUMNVD

OSV4.3

EPSS

3.0%

top 13.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

PAM Debian PAM Linux-pam +1 more

Timeline

PublishedAug 24

Latest updateMay 14

Description

The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:LExploitability: 3.9 | Impact: 2.5

Affected Packages5 packages

▶NVDlinux-pam/linux-pam1.1.8

▶NVDoracle/sparc-opl_service_processor1121

▶debiandebian/pam< pam 1.1.8-3.2 (bookworm)

▶Debianpam/pam< 1.1.8-3.2+3

▶Ubuntupam/pam< 1.1.8-1ubuntu2.2+1

🔴Vulnerability Details

GHSA

GHSA-6r75-hhm5-f689: The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1↗2022-05-14

▶

OSV

pam regression↗2016-03-16

▶

OSV

pam vulnerabilities↗2016-03-16

▶

OSV

CVE-2015-3238: The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1↗2015-08-24

▶

📋Vendor Advisories

Ubuntu

PAM regression↗2016-03-17

▶

Ubuntu

PAM regression↗2016-03-16

▶

Ubuntu

PAM vulnerabilities↗2016-03-16

▶

Red Hat

pam: DoS/user enumeration due to blocking pipe in pam_unix module↗2015-06-25

▶

Debian

CVE-2015-3238: pam - The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pa...↗2015

▶

💬Community

Bugzilla

CVE-2016-6210 openssh: User enumeration via covert timing channel↗2016-07-18

▶

Bugzilla

CVE-2015-3238 pam: DoS/user enumeration due to blocking pipe in pam_unix module↗2015-06-05

▶