USN-2935-1: PAM vulnerabilities
USN-2935-1: PAM vulnerabilities Ubuntu Security Notice USN-2935-1 16th March, 2016 pam vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in PAM. Software description pam – Pluggable Authentication Modules Details It was discovered that the PAM pam_userdb module incorrectly used acase-insensitive method when comparing hashed passwords. A local attackercould possibly use this issue to make brute force attacks easier. Thisissue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2013-7041) Sebastian Krahmer discovered that the PAM pam_timestamp module incorrectlyperformed filtering. A local attacker could use this issue to createarbitrary files, or possibly bypass authentication. This issue onlyaffected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-2583) Sebastien Macke discovered that the PAM pam_unix module incorrectly handledlarge passwords. A local attacker could possibly use this [ more… ]
