The unixrunhelperbinary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "binary_version": "1.1.8-1ubuntu2.1", "binary_name": "libpam-cracklib" }, { "binary_version": "1.1.8-1ubuntu2.1", "binary_name": "libpam-cracklib-dbgsym" }, { "binary_version": "1.1.8-1ubuntu2.1", "binary_name": "libpam-doc" }, { "binary_version": "1.1.8-1ubuntu2.1", "binary_name": "libpam-modules" }, { "binary_version": "1.1.8-1ubuntu2.1", "binary_name": "libpam-modules-bin" }, { "binary_version": "1.1.8-1ubuntu2.1", "binary_name": "libpam-modules-bin-dbgsym" }, { "binary_version": "1.1.8-1ubuntu2.1", "binary_name": "libpam-modules-dbgsym" }, { "binary_version": "1.1.8-1ubuntu2.1", "binary_name": "libpam-runtime" }, { "binary_version": "1.1.8-1ubuntu2.1", "binary_name": "libpam0g" }, { "binary_version": "1.1.8-1ubuntu2.1", "binary_name": "libpam0g-dbgsym" }, { "binary_version": "1.1.8-1ubuntu2.1", "binary_name": "libpam0g-dev" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "binary_version": "1.1.8-3.2ubuntu2", "binary_name": "libpam-cracklib" }, { "binary_version": "1.1.8-3.2ubuntu2", "binary_name": "libpam-cracklib-dbgsym" }, { "binary_version": "1.1.8-3.2ubuntu2", "binary_name": "libpam-doc" }, { "binary_version": "1.1.8-3.2ubuntu2", "binary_name": "libpam-modules" }, { "binary_version": "1.1.8-3.2ubuntu2", "binary_name": "libpam-modules-bin" }, { "binary_version": "1.1.8-3.2ubuntu2", "binary_name": "libpam-modules-bin-dbgsym" }, { "binary_version": "1.1.8-3.2ubuntu2", "binary_name": "libpam-modules-dbgsym" }, { "binary_version": "1.1.8-3.2ubuntu2", "binary_name": "libpam-runtime" }, { "binary_version": "1.1.8-3.2ubuntu2", "binary_name": "libpam0g" }, { "binary_version": "1.1.8-3.2ubuntu2", "binary_name": "libpam0g-dbgsym" }, { "binary_version": "1.1.8-3.2ubuntu2", "binary_name": "libpam0g-dev" } ] }