From the Secunia advisory at $URL:

Description
Two vulnerabilities have been reported in Linux-PAM, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.

1) A boundary error within the "_assemble_line()" function (modules/pam_env/pam_env.c) of the "pam_env" module can be exploited to cause a stack-based buffer overflow via e.g. a specially crafted "~/.pam_environment" file.

2) The "_expand_arg()" function (modules/pam_env/pam_env.c) of the "pam_env" module does not properly abort when encountering certain conditions during the expansion of environment variables, which can be exploited to e.g. cause a high CPU consumption via specially crafted environment variables.

The vulnerabilities are reported in version 1.1.4. Other versions may also be affected.

Solution
Fixed in the GIT repository.

Further details available in Customer Area

Provided and/or discovered by
Kees Cook

Original Advisory
http://git.fedorahosted.org/git/?p=linux-pam.git;a=commitdiff;h=caf5e7f61c8d9288daa49b4f61962e6b1239121d
http://git.fedorahosted.org/git/?p=linux-pam.git;a=commitdiff;h=109823cb621c900c07c4b6cdc99070d354d19444
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874469
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874565
1.1.5 in tree.
Thanks Diego.

Arches, please test and mark stable:
=sys-libs/pam-1.1.5
target KEYWORDS : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
amd64 ok
amd64: Ok
amd64 done. Thanks Agostino and Tomas
Stable for HPPA.
Builds fine on x86. Was able to login again. Seems ok to me. Please mark stable for x86.
alpha/arm/ia64/m68k/s390/sh/sparc/x86 stable
ppc done
ppc64 stable, last arch done
Thanks everyone. Added to existing GLSA request.
This issue was resolved and addressed in GLSA 201206-31 at http://security.gentoo.org/glsa/glsa-201206-31.xml by GLSA coordinator Stefan Behte (craig).
CVE-2011-3149 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3149):
The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption).

CVE-2011-3148 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3148):
Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file.
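An added example, not Linux-PAM's code or its upstream fix: a bounded way to assemble a logical line from physical lines that carry leading whitespace and backslash continuations, the kind of input the CVE-2011-3148 description concerns. The function names, `LINE_CAP` and the sample lines are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LINE_CAP 64 /* assumed demo capacity, not PAM's buffer size */

/* Append one physical line to the logical line in dst.
 * Returns 1 if a continuation follows, 0 if complete, -1 if it will not fit. */
static int append_fragment(char *dst, size_t cap, size_t *used, const char *line)
{
    size_t len;
    int cont = 0;

    line += strspn(line, " \t");   /* leading blanks are skipped, never copied */
    len = strcspn(line, "\n");     /* length without the trailing newline */
    if (len > 0 && line[len - 1] == '\\') {
        cont = 1;
        len--;                     /* drop the continuation backslash */
    }
    /* Check the bytes actually copied, keeping one byte for the NUL.
     * Phrased as a subtraction so the comparison cannot wrap. */
    if (*used >= cap || len > cap - 1 - *used)
        return -1;
    memcpy(dst + *used, line, len);
    *used += len;
    dst[*used] = '\0';
    return cont;
}

/* Assemble one logical line from n physical lines; 0 on success, -1 if rejected. */
static int assemble(const char *const *lines, size_t n, char *out, size_t cap)
{
    size_t used = 0, i;

    if (cap == 0)
        return -1;
    out[0] = '\0';
    for (i = 0; i < n; i++) {
        int r = append_fragment(out, cap, &used, lines[i]);
        if (r < 0) { out[0] = '\0'; return -1; }  /* fail closed, no partial line */
        if (r == 0) break;
    }
    return 0;
}

int main(void)
{
    const char *lines[] = { "   \t FOO DEFAULT=a\\\n", "  bc\n" }; /* constructed */
    char out[LINE_CAP];
    int r = assemble(lines, 2, out, sizeof out);
    printf("%d [%s]\n", r, out);
    return r == 0 ? 0 : 1;
}
```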