Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Linux-PAM ‘pam_env’模块安全漏洞
Vulnerability Description
Linux-PAM(又名PAM)是一种用于Linux平台中的认证机制,它通过提供一些动态链接库和一套统一的API,使系统管理员可以自由选择应用程序使用的验证机制。 Linux-PAM 的‘pam_env’模块的‘expand_arg()’函数(modules/pam_env/pam_env.c)1.1.4及其他版本中存在漏洞。由于在扩大环境变量时遇到某些情况不能正确中止,攻击者可借助特制的环境变量导致诸如CPU的高消耗,并导致Dos(拒绝服务),还可能获得权限提升。Linux-PAM 1.1.5之前版本中
CVSS Information
N/A
Vulnerability Type
N/A