Linux-PAM: Multiple vulnerabilities
Gentoo Linux Security Advisory
||GLSA 201206-31 / pam
||June 25, 2012
||June 25, 2012: 1
All supported architectures
#343399, #386273, #388431
Multiple vulnerabilities have been found in Linux-PAM, allowing
local attackers to possibly gain escalated privileges, cause a Denial of
Service, corrupt data, or obtain sensitive information.
Linux-PAM (Pluggable Authentication Modules) is an architecture allowing
the separation of the development of privilege granting software from the
development of secure and appropriate authentication schemes.
Multiple vulnerabilities have been discovered in Linux-PAM. Please
review the CVE identifiers referenced below for details.
A local attacker could use specially crafted files to cause a buffer
overflow, possibly resulting in privilege escalation or Denial of
Service. Furthermore, a local attacker could execute specially crafted
programs or symlink attacks, possibly resulting in data loss or
disclosure of sensitive information.
There is no known workaround at this time.
All Linux-PAM users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-libs/pam-1.1.5"
NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since November 25, 2011. It is likely that your system is
already no longer affected by this issue.