CentOS Local Security Checks : CentOS Update for pam CESA-2013:0521 centos6

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.881657

Kategorie: CentOS Local Security Checks

Titel: CentOS Update for pam CESA-2013:0521 centos6

Zusammenfassung: The remote host is missing an update for the 'pam'; package(s) announced via the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'pam'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Pluggable Authentication Modules (PAM) provide a system whereby
administrators can set up authentication policies without having to
recompile programs to handle authentication.

A stack-based buffer overflow flaw was found in the way the pam_env module
parsed users' '~
/.pam_environment' files. If an application's PAM
configuration contained 'user_readenv=1' (this is not the default), a
local attacker could use this flaw to crash the application or, possibly,
escalate their privileges. (CVE-2011-3148)

A denial of service flaw was found in the way the pam_env module expanded
certain environment variables. If an application's PAM configuration
contained 'user_readenv=1' (this is not the default), a local attacker
could use this flaw to cause the application to enter an infinite loop.
(CVE-2011-3149)

Red Hat would like to thank Kees Cook of the Google ChromeOS Team for
reporting the CVE-2011-3148 and CVE-2011-3149 issues.

These updated pam packages include numerous bug fixes and enhancements.
Space precludes documenting all of these changes in this advisory. Users
are directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked
to in the References, for information on the most significant of these
changes.

All pam users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.

Affected Software/OS:
pam on CentOS 6

Solution:
Please install the updated packages.

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2011-3148
http://security.gentoo.org/glsa/glsa-201206-31.xml
http://secunia.com/advisories/46583
http://secunia.com/advisories/49711
http://www.ubuntu.com/usn/USN-1237-1
Common Vulnerability Exposure (CVE) ID: CVE-2011-3149

Copyright Copyright (C) 2013 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.881657
Kategorie:	CentOS Local Security Checks
Titel:	CentOS Update for pam CESA-2013:0521 centos6
Zusammenfassung:	The remote host is missing an update for the 'pam'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'pam' package(s) announced via the referenced advisory. Vulnerability Insight: Pluggable Authentication Modules (PAM) provide a system whereby administrators can set up authentication policies without having to recompile programs to handle authentication. A stack-based buffer overflow flaw was found in the way the pam_env module parsed users' '~ /.pam_environment' files. If an application's PAM configuration contained 'user_readenv=1' (this is not the default), a local attacker could use this flaw to crash the application or, possibly, escalate their privileges. (CVE-2011-3148) A denial of service flaw was found in the way the pam_env module expanded certain environment variables. If an application's PAM configuration contained 'user_readenv=1' (this is not the default), a local attacker could use this flaw to cause the application to enter an infinite loop. (CVE-2011-3149) Red Hat would like to thank Kees Cook of the Google ChromeOS Team for reporting the CVE-2011-3148 and CVE-2011-3149 issues. These updated pam packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked to in the References, for information on the most significant of these changes. All pam users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. Affected Software/OS: pam on CentOS 6 Solution: Please install the updated packages. CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3148 http://security.gentoo.org/glsa/glsa-201206-31.xml http://secunia.com/advisories/46583 http://secunia.com/advisories/49711 http://www.ubuntu.com/usn/USN-1237-1 Common Vulnerability Exposure (CVE) ID: CVE-2011-3149
Copyright	Copyright (C) 2013 Greenbone AG