CVE-2012-1502

Published: 16/06/2012 Updated: 29/08/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Double free vulnerability in the PyPAM_conv function in PAMmodule.c in PyPAM 0.5.0 and earlier versions allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a NULL byte in a password string.

Vulnerable Product

pypam pypam

Vendor Advisories

PyPAM could be made to crash or possibly run programs if it processed a specially crafted password ...

Exploits

=== LSE Leading Security Experts - Security Advisory 2012-03-01 ===

PyPAM -- Python bindings for PAM - Double Free Corruption
---------------------------------------------------------

Affected Versions
=================
PyPAM <= 042
Red Hat PyPAM <= 050-12
Debian python-pam <= 042-122
Ubuntu python-pam <= 042-122
SUSE python ...

By supplying a NULL-byte to the PyPAM module, a double-free condition is triggered. This condition may allow for remote code execution. Proof of concept included ...