Launchpad CVE tracker

CVE 2011-3149

The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption).

Related bugs and status

CVE-2011-3149 (Candidate) is related to these bugs:

Bug #805423: pam_motd needs a module option to disable in-line dynamic updates

Summary				In	Importance	Status
	805423	pam_motd needs a module option to disable in-line dynamic updates		pam (Ubuntu)	Medium	Fix Released
	805423	pam_motd needs a module option to disable in-line dynamic updates		Landscape Client	Undecided	Invalid

Bug #871943: pam_motd sometimes inherits umask of user (via pam_umask)

Summary				In	Importance	Status
	871943	pam_motd sometimes inherits umask of user (via pam_umask)		pam (Ubuntu)	Medium	Fix Released

Bug #874469: stack buffer overflow in pam_env

Summary				In	Importance	Status
	874469	stack buffer overflow in pam_env		pam (Ubuntu)	Undecided	Fix Released

Bug #874565: 100% CPU utilitization in pam_env parsing

Summary				In	Importance	Status
	874565	100% CPU utilitization in pam_env parsing		pam (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-3149

References