CentOS Local Security Checks : CentOS Update for pam CESA-2015:1640 centos6

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.882254

Categoría: CentOS Local Security Checks

Título: CentOS Update for pam CESA-2015:1640 centos6

Resumen: Check the version of pam

Descripción: Summary:
Check the version of pam

Vulnerability Insight:
Pluggable Authentication Modules (PAM) provide a system whereby
administrators can set up authentication policies without having to
recompile programs to handle authentication.

It was discovered that the _unix_run_helper_binary() function of PAM's
unix_pam module could write to a blocking pipe, possibly causing the
function to become unresponsive. An attacker able to supply large passwords
to the unix_pam module could use this flaw to enumerate valid user
accounts, or cause a denial of service on the system. (CVE-2015-3238)

Red Hat would like to thank Sebastien Macke of Trustwave SpiderLabs for
reporting this issue.

All pam users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

Affected Software/OS:
pam on CentOS 6

Solution:
Please install the updated packages.

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-3238
BugTraq ID: 75428
http://www.securityfocus.com/bid/75428
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/161249.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161350.html
https://security.gentoo.org/glsa/201605-05
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-011/?fid=6551
https://www.trustwave.com/Resources/SpiderLabs-Blog/Username-Enumeration-against-OpenSSH-SELinux-with-CVE-2015-3238/
http://www.openwall.com/lists/oss-security/2015/06/25/13
RedHat Security Advisories: RHSA-2015:1640
http://rhn.redhat.com/errata/RHSA-2015-1640.html
http://www.ubuntu.com/usn/USN-2935-1
http://www.ubuntu.com/usn/USN-2935-2
http://www.ubuntu.com/usn/USN-2935-3

Copyright Copyright (C) 2015 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.882254
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for pam CESA-2015:1640 centos6
Resumen:	Check the version of pam
Descripción:	Summary: Check the version of pam Vulnerability Insight: Pluggable Authentication Modules (PAM) provide a system whereby administrators can set up authentication policies without having to recompile programs to handle authentication. It was discovered that the _unix_run_helper_binary() function of PAM's unix_pam module could write to a blocking pipe, possibly causing the function to become unresponsive. An attacker able to supply large passwords to the unix_pam module could use this flaw to enumerate valid user accounts, or cause a denial of service on the system. (CVE-2015-3238) Red Hat would like to thank Sebastien Macke of Trustwave SpiderLabs for reporting this issue. All pam users are advised to upgrade to this updated package, which contains a backported patch to correct this issue. Affected Software/OS: pam on CentOS 6 Solution: Please install the updated packages. CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-3238 BugTraq ID: 75428 http://www.securityfocus.com/bid/75428 http://lists.fedoraproject.org/pipermail/package-announce/2015-June/161249.html http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161350.html https://security.gentoo.org/glsa/201605-05 https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-011/?fid=6551 https://www.trustwave.com/Resources/SpiderLabs-Blog/Username-Enumeration-against-OpenSSH-SELinux-with-CVE-2015-3238/ http://www.openwall.com/lists/oss-security/2015/06/25/13 RedHat Security Advisories: RHSA-2015:1640 http://rhn.redhat.com/errata/RHSA-2015-1640.html http://www.ubuntu.com/usn/USN-2935-1 http://www.ubuntu.com/usn/USN-2935-2 http://www.ubuntu.com/usn/USN-2935-3
Copyright	Copyright (C) 2015 Greenbone Networks GmbH