VYPR

rpm package

suse/pam&distro=SUSE Linux Enterprise Server for SAP Applications 11 SP4

pkg:rpm/suse/pam&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4

Vulnerabilities (2)

  • CVE-2015-3238MedAug 24, 2015
    affected < 1.1.5-0.17.2fixed 1.1.5-0.17.2

    The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.

  • CVE-2013-7041May 8, 2014
    affected < 1.1.5-0.17.2fixed 1.1.5-0.17.2

    The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack.