CVE-2015-3238
CVSS 5.8
Published: 2015-08-24 10:59:04
Last revised: 2016-12-02 22:09:08

[Original] The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.


[CNNVD] CNNVD data is not yet available.



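- CVSS (base score)

CVSS score: 5.8 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: NONE [no impact on system integrity]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: MEDIUM [exploitation requires certain access conditions]
Attack vector: NETWORK [the attacker does not need internal-network or local access]
Authentication: NONE [exploitation requires no authentication]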

- CWE (weakness category)

CWE-200 [Information Exposure]

- CPE (affected platforms and products)

cpe:/a:oracle:sparc-opl_service_processor:1121
cpe:/a:kernel:linux-pam:1.2.0

- OVAL (technical details for detection)

No related OVAL definitions found.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3238
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3238
(official data source) NVD

- Other links and resources

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161350.html
(UNKNOWN)  FEDORA  FEDORA-2015-10848
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/161249.html
(UNKNOWN)  FEDORA  FEDORA-2015-10830
http://rhn.redhat.com/errata/RHSA-2015-1640.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2015:1640
http://www.openwall.com/lists/oss-security/2015/06/25/13
(UNKNOWN)  MLIST  [oss-security] 20150625 Linux-PAM 1.2.1 released to address CVE-2015-3238
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
(UNKNOWN)  CONFIRM  http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.securityfocus.com/bid/75428
(UNKNOWN)  BID  75428
http://www.ubuntu.com/usn/USN-2935-1
(UNKNOWN)  UBUNTU  USN-2935-1
http://www.ubuntu.com/usn/USN-2935-2
(UNKNOWN)  UBUNTU  USN-2935-2
http://www.ubuntu.com/usn/USN-2935-3
(UNKNOWN)  UBUNTU  USN-2935-3
https://bugzilla.redhat.com/show_bug.cgi?id=1228571
(UNKNOWN)  CONFIRM  https://bugzilla.redhat.com/show_bug.cgi?id=1228571
https://security.gentoo.org/glsa/201605-05
(UNKNOWN)  GENTOO  GLSA-201605-05
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-011/?fid=6551
(UNKNOWN)  MISC  https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-011/?fid=6551
https://www.trustwave.com/Resources/SpiderLabs-Blog/Username-Enumeration-against-OpenSSH-SELinux-with-CVE-2015-3238/
(UNKNOWN)  MISC  https://www.trustwave.com/Resources/SpiderLabs-Blog/Username-Enumeration-against-OpenSSH-SELinux-with-CVE-2015-3238/

- Vulnerability information (F133134)

Red Hat Security Advisory 2015-1640-01 (PacketStormID:F133134)
2015-08-18 00:00:00
Red Hat  
advisory,denial of service
linux,redhat
CVE-2015-3238

Red Hat Security Advisory 2015-1640-01 - Pluggable Authentication Modules provide a system whereby administrators can set up authentication policies without having to recompile programs to handle authentication. It was discovered that the _unix_run_helper_binary() function of PAM's unix_pam module could write to a blocking pipe, possibly causing the function to become unresponsive. An attacker able to supply large passwords to the unix_pam module could use this flaw to enumerate valid user accounts, or cause a denial of service on the system.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: pam security update
Advisory ID:       RHSA-2015:1640-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1640.html
Issue date:        2015-08-18
CVE Names:         CVE-2015-3238 
=====================================================================

1. Summary:

An updated pam package that fixes one security issue is now available for
Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Pluggable Authentication Modules (PAM) provide a system whereby
administrators can set up authentication policies without having to
recompile programs to handle authentication.

It was discovered that the _unix_run_helper_binary() function of PAM's
unix_pam module could write to a blocking pipe, possibly causing the
function to become unresponsive. An attacker able to supply large passwords
to the unix_pam module could use this flaw to enumerate valid user
accounts, or cause a denial of service on the system. (CVE-2015-3238)

Red Hat would like to thank Sebastien Macke of Trustwave SpiderLabs for
reporting this issue.

All pam users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1228571 - CVE-2015-3238 pam: DoS/user enumeration due to blocking pipe in pam_unix module

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
pam-1.1.1-20.el6_7.1.src.rpm

i386:
pam-1.1.1-20.el6_7.1.i686.rpm
pam-debuginfo-1.1.1-20.el6_7.1.i686.rpm

x86_64:
pam-1.1.1-20.el6_7.1.i686.rpm
pam-1.1.1-20.el6_7.1.x86_64.rpm
pam-debuginfo-1.1.1-20.el6_7.1.i686.rpm
pam-debuginfo-1.1.1-20.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
pam-debuginfo-1.1.1-20.el6_7.1.i686.rpm
pam-devel-1.1.1-20.el6_7.1.i686.rpm

x86_64:
pam-debuginfo-1.1.1-20.el6_7.1.i686.rpm
pam-debuginfo-1.1.1-20.el6_7.1.x86_64.rpm
pam-devel-1.1.1-20.el6_7.1.i686.rpm
pam-devel-1.1.1-20.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
pam-1.1.1-20.el6_7.1.src.rpm

x86_64:
pam-1.1.1-20.el6_7.1.i686.rpm
pam-1.1.1-20.el6_7.1.x86_64.rpm
pam-debuginfo-1.1.1-20.el6_7.1.i686.rpm
pam-debuginfo-1.1.1-20.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
pam-debuginfo-1.1.1-20.el6_7.1.i686.rpm
pam-debuginfo-1.1.1-20.el6_7.1.x86_64.rpm
pam-devel-1.1.1-20.el6_7.1.i686.rpm
pam-devel-1.1.1-20.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
pam-1.1.1-20.el6_7.1.src.rpm

i386:
pam-1.1.1-20.el6_7.1.i686.rpm
pam-debuginfo-1.1.1-20.el6_7.1.i686.rpm
pam-devel-1.1.1-20.el6_7.1.i686.rpm

ppc64:
pam-1.1.1-20.el6_7.1.ppc.rpm
pam-1.1.1-20.el6_7.1.ppc64.rpm
pam-debuginfo-1.1.1-20.el6_7.1.ppc.rpm
pam-debuginfo-1.1.1-20.el6_7.1.ppc64.rpm
pam-devel-1.1.1-20.el6_7.1.ppc.rpm
pam-devel-1.1.1-20.el6_7.1.ppc64.rpm

s390x:
pam-1.1.1-20.el6_7.1.s390.rpm
pam-1.1.1-20.el6_7.1.s390x.rpm
pam-debuginfo-1.1.1-20.el6_7.1.s390.rpm
pam-debuginfo-1.1.1-20.el6_7.1.s390x.rpm
pam-devel-1.1.1-20.el6_7.1.s390.rpm
pam-devel-1.1.1-20.el6_7.1.s390x.rpm

x86_64:
pam-1.1.1-20.el6_7.1.i686.rpm
pam-1.1.1-20.el6_7.1.x86_64.rpm
pam-debuginfo-1.1.1-20.el6_7.1.i686.rpm
pam-debuginfo-1.1.1-20.el6_7.1.x86_64.rpm
pam-devel-1.1.1-20.el6_7.1.i686.rpm
pam-devel-1.1.1-20.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
pam-1.1.1-20.el6_7.1.src.rpm

i386:
pam-1.1.1-20.el6_7.1.i686.rpm
pam-debuginfo-1.1.1-20.el6_7.1.i686.rpm
pam-devel-1.1.1-20.el6_7.1.i686.rpm

x86_64:
pam-1.1.1-20.el6_7.1.i686.rpm
pam-1.1.1-20.el6_7.1.x86_64.rpm
pam-debuginfo-1.1.1-20.el6_7.1.i686.rpm
pam-debuginfo-1.1.1-20.el6_7.1.x86_64.rpm
pam-devel-1.1.1-20.el6_7.1.i686.rpm
pam-devel-1.1.1-20.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
pam-1.1.8-12.el7_1.1.src.rpm

x86_64:
pam-1.1.8-12.el7_1.1.i686.rpm
pam-1.1.8-12.el7_1.1.x86_64.rpm
pam-debuginfo-1.1.8-12.el7_1.1.i686.rpm
pam-debuginfo-1.1.8-12.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
pam-debuginfo-1.1.8-12.el7_1.1.i686.rpm
pam-debuginfo-1.1.8-12.el7_1.1.x86_64.rpm
pam-devel-1.1.8-12.el7_1.1.i686.rpm
pam-devel-1.1.8-12.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
pam-1.1.8-12.el7_1.1.src.rpm

x86_64:
pam-1.1.8-12.el7_1.1.i686.rpm
pam-1.1.8-12.el7_1.1.x86_64.rpm
pam-debuginfo-1.1.8-12.el7_1.1.i686.rpm
pam-debuginfo-1.1.8-12.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
pam-debuginfo-1.1.8-12.el7_1.1.i686.rpm
pam-debuginfo-1.1.8-12.el7_1.1.x86_64.rpm
pam-devel-1.1.8-12.el7_1.1.i686.rpm
pam-devel-1.1.8-12.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
pam-1.1.8-12.el7_1.1.src.rpm

ppc64:
pam-1.1.8-12.el7_1.1.ppc.rpm
pam-1.1.8-12.el7_1.1.ppc64.rpm
pam-debuginfo-1.1.8-12.el7_1.1.ppc.rpm
pam-debuginfo-1.1.8-12.el7_1.1.ppc64.rpm
pam-devel-1.1.8-12.el7_1.1.ppc.rpm
pam-devel-1.1.8-12.el7_1.1.ppc64.rpm

s390x:
pam-1.1.8-12.el7_1.1.s390.rpm
pam-1.1.8-12.el7_1.1.s390x.rpm
pam-debuginfo-1.1.8-12.el7_1.1.s390.rpm
pam-debuginfo-1.1.8-12.el7_1.1.s390x.rpm
pam-devel-1.1.8-12.el7_1.1.s390.rpm
pam-devel-1.1.8-12.el7_1.1.s390x.rpm

x86_64:
pam-1.1.8-12.el7_1.1.i686.rpm
pam-1.1.8-12.el7_1.1.x86_64.rpm
pam-debuginfo-1.1.8-12.el7_1.1.i686.rpm
pam-debuginfo-1.1.8-12.el7_1.1.x86_64.rpm
pam-devel-1.1.8-12.el7_1.1.i686.rpm
pam-devel-1.1.8-12.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
pam-1.1.8-12.ael7b_1.1.src.rpm

ppc64le:
pam-1.1.8-12.ael7b_1.1.ppc64le.rpm
pam-debuginfo-1.1.8-12.ael7b_1.1.ppc64le.rpm
pam-devel-1.1.8-12.ael7b_1.1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
pam-1.1.8-12.el7_1.1.src.rpm

x86_64:
pam-1.1.8-12.el7_1.1.i686.rpm
pam-1.1.8-12.el7_1.1.x86_64.rpm
pam-debuginfo-1.1.8-12.el7_1.1.i686.rpm
pam-debuginfo-1.1.8-12.el7_1.1.x86_64.rpm
pam-devel-1.1.8-12.el7_1.1.i686.rpm
pam-devel-1.1.8-12.el7_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-3238
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD4DBQFV04JBXlSAg2UNWIIRAqOzAJ9EbtvfQumSyuGIDUvsrz4LuGDaigCXf+Hq
jEKopvJJZBS387fy3yznhQ==
=7uik
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
    

- Vulnerability information (F137238)

Gentoo Linux Security Advisory 201605-05 (PacketStormID:F137238)
2016-05-31 00:00:00
Gentoo  security.gentoo.org
advisory,remote,denial of service,vulnerability
linux,gentoo
CVE-2013-7041,CVE-2014-2583,CVE-2015-3238

Gentoo Linux Security Advisory 201605-5 - Multiple vulnerabilities have been found in Linux-PAM, allowing remote attackers to bypass the auth process and cause Denial of Service. Versions less than 1.2.1 are affected.

From: Yury German <blueknight@gentoo.org>
To: gentoo-announce@lists.gentoo.org
Message-ID: <9d33ce68-d078-f5b5-4a78-c18388b34003@gentoo.org>
Subject: [ GLSA 201605-05 ] Linux-PAM: Multiple vulnerabilities




- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201605-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Linux-PAM: Multiple vulnerabilities
     Date: May 31, 2016
     Bugs: #493432, #505604, #553302
       ID: 201605-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Linux-PAM, allowing remote
attackers to bypass the auth process and cause Denial of Service.

Background
==========

Linux-PAM (Pluggable Authentication Modules) is an architecture
allowing the separation of the development of privilege granting
software from the development of secure and appropriate authentication
schemes.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  sys-libs/pam                 < 1.2.1                    >= 1.2.1

Description
===========

Multiple vulnerabilities have been discovered in Linux-PAM.  Please
review the CVE identifiers referenced below for details.

Impact
======

Remote attackers could cause Denial of Service, conduct brute force
attacks, and conduct username enumeration.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Linux-PAM users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-libs/pam-1.2.1"

References
==========

[ 1 ] CVE-2013-7041
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7041
[ 2 ] CVE-2014-2583
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2583
[ 3 ] CVE-2015-3238
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3238
[ 4 ] CVE-2015-3238
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3238

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201605-05

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



    

- Vulnerability information

Linux-PAM '_unix_run_helper_binary()' Function Denial of Service Vulnerability
Class: Design Error
Bugtraq ID: 75428
Remote: Yes
Local: No
Published: 2015-06-25 12:00:00
Updated: 2015-06-25 12:00:00
Credit: Dmitry V. Levin

- Affected program versions

Linux-PAM Linux-PAM 1.0.4
Linux-PAM Linux-PAM 1.0.3
Linux-PAM Linux-PAM 0.99.7 .1
Linux-PAM Linux-PAM 0.99.7 .0
Linux-PAM Linux-PAM 0.78
Linux-PAM Linux-PAM 0.77
Linux-PAM Linux-PAM 1.1.2
Linux-PAM Linux-PAM 1.1.1
Linux-PAM Linux-PAM 0.99.6.2

- Vulnerability discussion

Linux-PAM is prone to a denial-of-service vulnerability.

Successfully exploiting this issue will allow an attacker to cause denial-of-service condition and to harvest valid user accounts, which may aid in brute-force attacks.

- Exploit

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Updates are available. Please see the references or vendor advisory for more information.
