CVE-CVE-2011-3148 | UNKNOWN Severity | CVEDatabase.com

Description

Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file.

CVSS Metrics

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Access Vector: local
Access Cmplx: low
Auth: none
Confidentiality: partial
Integrity: partial
Availability: partial
Weaknesses: CWE-119

Metadata

Primary Vendor: LINUX-PAM
Published: 7/22/2012
Last Modified: 4/11/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

linux-pam : linux-pamlinux-pam : linux-pamlinux-pam : linux-pamlinux-pam : linux-pamlinux-pam : linux-pamlinux-pam : linux-pamlinux-pam : linux-pamlinux-pam : linux-pamlinux-pam : linux-pamlinux-pam : linux-pamlinux-pam : linux-pamlinux-pam : linux-pamlinux-pam : linux-pamlinux-pam : linux-pamlinux-pam : linux-pamlinux-pam : linux-pamlinux-pam : linux-pamlinux-pam : linux-pamlinux-pam : linux-pamlinux-pam : linux-pamlinux-pam : linux-pamlinux-pam : linux-pamlinux-pam : linux-pamlinux-pam : linux-pamlinux-pam : linux-pamlinux-pam : linux-pam

AI-Powered Remediation

Generate remediation guidance or a C-suite brief for this vulnerability.

Executive Intelligence Brief

View on NIST NVD