rpm package
suse/pam&distro=SUSE Linux Enterprise Server for SAP Applications 11 SP4
pkg:rpm/suse/pam&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-3238 | Med | 6.5 | < 1.1.5-0.17.2 | 1.1.5-0.17.2 | Aug 24, 2015 | The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. | |
| CVE-2013-7041 | — | < 1.1.5-0.17.2 | 1.1.5-0.17.2 | May 8, 2014 | The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack. |
- affected < 1.1.5-0.17.2fixed 1.1.5-0.17.2
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
- CVE-2013-7041May 8, 2014affected < 1.1.5-0.17.2fixed 1.1.5-0.17.2
The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack.