Stack-based Buffer Overflow in Linux-PAM's _assemble_line Function

Stack-based Buffer Overflow in Linux-PAM's _assemble_line Function

CVE-2011-3148 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.