{"id":"USN-2935-1","summary":"pam vulnerabilities","details":"It was discovered that the PAM pam_userdb module incorrectly used a\ncase-insensitive method when comparing hashed passwords. A local attacker\ncould possibly use this issue to make brute force attacks easier. This\nissue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2013-7041)\n\nSebastian Krahmer discovered that the PAM pam_timestamp module incorrectly\nperformed filtering. A local attacker could use this issue to create\narbitrary files, or possibly bypass authentication. This issue only\naffected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-2583)\n\nSebastien Macke discovered that the PAM pam_unix module incorrectly handled\nlarge passwords. A local attacker could possibly use this issue in certain\nenvironments to enumerate usernames or cause a denial of service.\n(CVE-2015-3238)\n","modified":"2026-04-22T09:22:51.875609Z","published":"2016-03-16T13:45:39Z","related":["UBUNTU-CVE-2013-7041","UBUNTU-CVE-2014-2583","UBUNTU-CVE-2015-3238"],"upstream":["CVE-2013-7041","CVE-2014-2583","CVE-2015-3238","UBUNTU-CVE-2013-7041","UBUNTU-CVE-2014-2583","UBUNTU-CVE-2015-3238"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2935-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-7041"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-2583"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-3238"}],"affected":[{"package":{"name":"pam","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/pam@1.1.8-1ubuntu2.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.8-1ubuntu2.1"}]}],"versions":["1.1.3-8ubuntu3","1.1.3-10ubuntu1","1.1.3-11ubuntu1","1.1.8-1ubuntu1","1.1.8-1ubuntu2"],"ecosystem_specific":{"binaries":[{"binary_version":"1.1.8-1ubuntu2.1","binary_name":"libpam-cracklib"},{"binary_version":"1.1.8-1ubuntu2.1","binary_name":"libpam-modules"},{"binary_version":"1.1.8-1ubuntu2.1","binary_name":"libpam-modules-bin"},{"binary_version":"1.1.8-1ubuntu2.1","binary_name":"libpam-runtime"},{"binary_version":"1.1.8-1ubuntu2.1","binary_name":"libpam0g"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[{"id":"CVE-2013-7041","severity":[{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2014-2583","severity":[{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2015-3238","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"type":"Ubuntu","score":"low"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2935-1.json"}}],"schema_version":"1.7.5"}