Test ID:	1.3.6.1.4.1.25623.1.0.120315
Category:	Amazon Linux Local Security Checks
Title:	Amazon Linux: Security Advisory (ALAS-2014-354)
Summary:	The remote host is missing an update for the 'pam' package(s) announced via the ALAS-2014-354 advisory.
Description:	Summary: The remote host is missing an update for the 'pam' package(s) announced via the ALAS-2014-354 advisory. Vulnerability Insight: Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function. The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack. Affected Software/OS: 'pam' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-7041 BugTraq ID: 64180 http://www.securityfocus.com/bid/64180 https://security.gentoo.org/glsa/201605-05 http://www.openwall.com/lists/oss-security/2013/12/09/5 http://www.openwall.com/lists/oss-security/2013/12/09/16 http://www.ubuntu.com/usn/USN-2935-1 http://www.ubuntu.com/usn/USN-2935-2 http://www.ubuntu.com/usn/USN-2935-3 Common Vulnerability Exposure (CVE) ID: CVE-2014-2583 BugTraq ID: 66493 http://www.securityfocus.com/bid/66493 http://www.openwall.com/lists/oss-security/2014/03/24/5 http://www.openwall.com/lists/oss-security/2014/03/26/10 http://www.openwall.com/lists/oss-security/2014/03/31/6 http://secunia.com/advisories/57317
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.