1
PublicDateAtUSN: 2015-08-24
2
Candidate: CVE-2015-3238
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3238
6
https://www.redhat.com/archives/pam-list/2015-June/msg00001.html
7
https://usn.ubuntu.com/usn/usn-2935-1
9
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM
10
(aka pam) before 1.2.1, when unable to directly access passwords, allows
11
local users to enumerate usernames or cause a denial of service (hang) via
16
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789986
18
Discovered-by: Sebastien Macke
22
upstream: https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=e89d4c97385ff8180e6e81e84c5aa745daf28a79
23
upstream_pam: released (1.1.8-3.2)
24
precise_pam: released (1.1.3-7ubuntu2.1)
25
precise/esm_pam: released (1.1.3-7ubuntu2.1)
26
trusty_pam: released (1.1.8-1ubuntu2.1)
27
utopic_pam: ignored (reached end-of-life)
28
vivid_pam: ignored (reached end-of-life)
29
vivid/stable-phone-overlay_pam: ignored (reached end-of-life)
30
vivid/ubuntu-core_pam: ignored (reached end-of-life)
31
wily_pam: released (1.1.8-3.1ubuntu3.1)
32
xenial_pam: released (1.1.8-3.2ubuntu2)
33
yakkety_pam: released (1.1.8-3.2ubuntu2)
34
zesty_pam: released (1.1.8-3.2ubuntu2)
35
devel_pam: released (1.1.8-3.2ubuntu2)