oss-sec mailing list archives
CVE request: pam_shield
From: Jonathan Niehof <jtniehof () gmail com>
Date: Fri, 11 May 2012 14:04:43 -0600
Requestor: Jonathan Niehof, jtniehof () gmail com
package: pam_shield, http://www.heiho.net/pam_shield/index.html

Type of vulnerability: This utility is intended to block IP addresses showing suspicious behaviour, to disarm a potential attack. In versions before 0.9.4, if configuration option "allow_missing_dns" is set to no, it performs no blocking. This setting is used in the example configuration file, which is installed by default in Debian. Thus, systems using the suggested or default configuration receive no protection.

This vulnerability provides no vector for an attacker, local or remote, to gain any privileges. It simply fails to provide the intended protection.

Mainline fix: https://github.com/walterdejong/pam_shield/commit/afa7b246018787fe6028289c414c33292641e1e0
Debian bug report and fix: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658830
Vulnerable versions: mainline up to and including 0.9.3. Debian up to and including 0.9.2-3.2
First fixed versions: mainline 0.9.4. Debian 0.9.2-3.3
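
An audit check for the condition reported above, added here as an example; it is not code from the original message or from pam_shield. It assumes the configuration uses one "key value" pair per line with "#" comments, and that Debian revisions compare as dotted integers; the function names and the sample configuration are hypothetical.

```python
import re

FIXED_MAINLINE = (0, 9, 4)            # first fixed mainline release, per the report
FIXED_DEBIAN = ((0, 9, 2), (3, 3))    # first fixed Debian package, 0.9.2-3.3

def option_values(conf_text, key="allow_missing_dns"):
    """Collect every value assigned to `key`.
    Assumed syntax: 'key value' per line, '#' starts a comment."""
    values = []
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0].lower() == key:
            values.append(fields[1].lower())
    return values

def _ints(text):
    """Extract the integer components of a dotted version fragment."""
    return tuple(int(n) for n in re.findall(r"\d+", text))

def version_is_fixed(version):
    """True if `version` is at or past a first fixed release.
    'X.Y.Z' is treated as mainline, 'X.Y.Z-R' as a Debian package."""
    upstream, _, revision = version.partition("-")
    up = _ints(upstream)
    if not up:
        raise ValueError(f"unparseable version: {version!r}")
    if up >= FIXED_MAINLINE:
        return True
    if revision and up == FIXED_DEBIAN[0]:
        return _ints(revision) >= FIXED_DEBIAN[1]
    return False

def blocking_disabled(conf_text, version):
    """True when the reported condition holds: an affected version
    combined with allow_missing_dns set to no anywhere in the file."""
    return not version_is_fixed(version) and "no" in option_values(conf_text)

# Constructed sample configuration, not copied from the package.
SAMPLE_CONF = """\
# constructed example
#allow_missing_dns yes
allow_missing_dns no   # setting named in the report
"""

if __name__ == "__main__":
    for v in ("0.9.3", "0.9.4", "0.9.2-3.2", "0.9.2-3.3"):
        print(v, "no blocking" if blocking_disabled(SAMPLE_CONF, v) else "ok")
```

A host flagged by this check should be upgraded to a fixed version; the check reads only the version string and configuration text passed to it.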