Test ID:	1.3.6.1.4.1.25623.1.0.120393
Category:	Amazon Linux Local Security Checks
Title:	Amazon Linux: Security Advisory (ALAS-2013-160)
Summary:	The remote host is missing an update for the 'pam' package(s) announced via the ALAS-2013-160 advisory.
Description:	Summary: The remote host is missing an update for the 'pam' package(s) announced via the ALAS-2013-160 advisory. Vulnerability Insight: A stack-based buffer overflow flaw was found in the way the pam_env module parsed users' '~ /.pam_environment' files. If an application's PAM configuration contained 'user_readenv=1' (this is not the default), a local attacker could use this flaw to crash the application or, possibly, escalate their privileges. (CVE-2011-3148) A denial of service flaw was found in the way the pam_env module expanded certain environment variables. If an application's PAM configuration contained 'user_readenv=1' (this is not the default), a local attacker could use this flaw to cause the application to enter an infinite loop. (CVE-2011-3149) Affected Software/OS: 'pam' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3148 http://security.gentoo.org/glsa/glsa-201206-31.xml http://secunia.com/advisories/46583 http://secunia.com/advisories/49711 http://www.ubuntu.com/usn/USN-1237-1 Common Vulnerability Exposure (CVE) ID: CVE-2011-3149
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.