CVE-2011-3148
pam - several
EPSS 0.16%
Description
Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file.
How to fix CVE-2011-3148
To remediate CVE-2011-3148, upgrade the affected package to a fixed version below.
- Debian/pam—upgrade to 1.1.3-5 or later
- Debian/pam—upgrade to 1.1.1-6.1+squeeze1 or later
Is CVE-2011-3148 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/pam: from 0, < 1.1.3-5
- Debian/pam: from 0, < 1.1.1-6.1+squeeze1