Bug 746620 (CVE-2011-3149)
Field | Value
---|---
Summary | CVE-2011-3149 pam (pam_env): Infinite loop by expanding certain arguments
Product | [Other] Security Response
Component | vulnerability
Status | CLOSED ERRATA
Severity | low
Priority | low
Version | unspecified
Hardware | All
OS | Linux
Reporter | Jan Lieskovsky <jlieskov>
Assignee | Red Hat Product Security <security-response-team>
CC | security-response-team, tmraz
Keywords | Security
Doc Type | Bug Fix
Last Closed | 2013-02-22 04:34:36 UTC
Bug Depends On | 748817, 865990
Bug Blocks | 746631, 855229

Description
Jan Lieskovsky
2011-10-17 10:06:56 UTC
Acknowledgements: Red Hat would like to thank Kees Cook of Google ChromeOS Team for reporting this issue.

Reading of user-supplied environment files is disabled by default in the pam package versions, as shipped with various releases of Red Hat Enterprise Linux and Fedora, more information at: https://bugzilla.redhat.com/show_bug.cgi?id=746619#c9

This issue does not affect the version of the pam package, as shipped with Red Hat Enterprise Linux 4 and 5, because they do not support reading user specific environment file via ~/.pam_environment

This issue affects the version of the pam package, as shipped with Red Hat Enterprise Linux 6.

This issue affects the version of pam package, as shipped with Fedora 14 and 15.

Statement: This issue did not affect the versions of pam package as shipped with Red Hat Enterprise Linux 4 and 5.

Public via:
[1] https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874565

Relevant upstream patch:
[2] http://git.fedorahosted.org/git/?p=linux-pam.git;a=commitdiff;h=109823cb621c900c07c4b6cdc99070d354d19444

Created pam tracking bugs for this issue

Affects: fedora-all [bug 748817]

This issue has been addressed in following products:

Red Hat Enterprise Linux 6

Via RHSA-2013:0521 https://rhn.redhat.com/errata/RHSA-2013-0521.html