Medium severity6.5NVD Advisory· Published Aug 24, 2015· Updated May 6, 2026

CVE-2015-3238

Description

The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.

Affected products

Linux Pam/Linux Pam
cpe:2.3:a:linux-pam:linux-pam:*:*:*:*:*:*:*:*
Range: <=1.1.8
Oracle Corporation/Sparc Opl Service Processor
cpe:2.3:a:oracle:sparc-opl_service_processor:*:*:*:*:*:*:*:*
Range: <=1121

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-011/nvdExploit
www.trustwave.com/Resources/SpiderLabs-Blog/Username-Enumeration-against-OpenSSH-SELinux-with-CVE-2015-3238/nvdExploit
rhn.redhat.com/errata/RHSA-2015-1640.htmlnvdVendor Advisory
lists.fedoraproject.org/pipermail/package-announce/2015-July/161350.htmlnvd
lists.fedoraproject.org/pipermail/package-announce/2015-June/161249.htmlnvd
www.openwall.com/lists/oss-security/2015/06/25/13nvd
www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.htmlnvd
www.securityfocus.com/bid/75428nvd
www.ubuntu.com/usn/USN-2935-1nvd
www.ubuntu.com/usn/USN-2935-2nvd
www.ubuntu.com/usn/USN-2935-3nvd
bugzilla.redhat.com/show_bug.cginvd
security.gentoo.org/glsa/201605-05nvd

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000