Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1502

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2012-1502
Last Modified 20 Jun 2012 12:00:00
Published 15 Jun 2012 08:55:06
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-1502

Summary

Double free vulnerability in the PyPAM_conv in PAMmodule.c in PyPam 0.5.0 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a NULL byte in a password string.

Vulnerable Systems

Application

  • Pypam 0.5.0


References

XF - pypam-password-dos(73857)

OSVDB - 79892

MISC - http://www.lsexperts.de/advisories/lse-2012-03-01.txt

DEBIAN - DSA-2430

UBUNTU - USN-1395-1

SECUNIA - 48746

SECUNIA - 48332

SECUNIA - 48312

SUSE - openSUSE-SU-2012:0487

Related Patches

Novell SUSE 2012:6025 python-pam security update for SLE 11 SP1 x86_64

Novell SUSE 2012:6025 python-pam security update for SLE 11 SP1 i586

Novell SUSE 2012:8031 python-pam security update for SLE 10 SP4 i586

Novell SUSE 2012:8031 python-pam security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 10:56:32