CVE-2015-3238 : The _unix_run_helper_binary function in the pam

The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.

Published 2015-08-24 14:59:04

Updated 2023-02-12 23:15:32

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of serviceInformation leak

Products affected by CVE-2015-3238

Oracle » Sparc-opl Service Processor
Versions up to, including, (<=) 1121
cpe:2.3:a:oracle:sparc-opl_service_processor:*:*:*:*:*:*:*:*
Matching versions
Linux-pam » Linux-pam
Versions up to, including, (<=) 1.1.8
cpe:2.3:a:linux-pam:linux-pam:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-3238

EPSS FAQ

0.54%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 77 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-3238

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:P	8.6	4.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: Partial
6.5	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L	3.9	2.5	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: Low

CWE ids for CVE-2015-3238

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-3238

http://rhn.redhat.com/errata/RHSA-2015-1640.html

RHSA-2015:1640 - Security Advisory - Red Hat Customer Portal
Vendor Advisory
http://www.openwall.com/lists/oss-security/2015/06/25/13

oss-security - Linux-PAM 1.2.1 released to address CVE-2015-3238
http://www.ubuntu.com/usn/USN-2935-2

USN-2935-2: PAM regression | Ubuntu security notices

CVEs referencing this url
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

cpuapr2016v3

CVEs referencing this url
https://security.gentoo.org/glsa/201605-05

Linux-PAM: Multiple vulnerabilities (GLSA 201605-05) — Gentoo security

CVEs referencing this url
http://www.securityfocus.com/bid/75428

Linux-PAM '_unix_run_helper_binary()' Function Denial of Service Vulnerability
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161350.html

[SECURITY] Fedora 21 Update: pam-1.1.8-19.fc21
http://www.ubuntu.com/usn/USN-2935-1

USN-2935-1: PAM vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/161249.html

[SECURITY] Fedora 22 Update: pam-1.1.8-19.fc22
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-011/?fid=6551

Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=1228571

1228571 – (CVE-2015-3238) CVE-2015-3238 pam: DoS/user enumeration due to blocking pipe in pam_unix module
http://www.ubuntu.com/usn/USN-2935-3

USN-2935-3: PAM regression | Ubuntu security notices

CVEs referencing this url
https://www.trustwave.com/Resources/SpiderLabs-Blog/Username-Enumeration-against-OpenSSH-SELinux-with-CVE-2015-3238/

Username Enumeration against OpenSSH/SELinux with CVE-2015-3238 | Trustwave | SpiderLabs | Trustwave
Exploit

Jump to

Vulnerability Details : CVE-2015-3238

Products affected by CVE-2015-3238

Exploit prediction scoring system (EPSS) score for CVE-2015-3238

CVSS scores for CVE-2015-3238

CWE ids for CVE-2015-3238

References for CVE-2015-3238