DEBIAN-CVE-2015-3238

DEBIAN-CVE-2015-3238 PUBLISHED CVSS 6.5 MEDIUM

The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.

Risk Scores

CVSS v3.0

6.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Affected Products

Vendor	Product	Versions
Debian:13	pam	0, 0, 0
Debian:14	pam	0, 0, 0
Debian:11	pam	0, 0, 0
Debian:12	pam	0, 0, 0

Timeline

Aug 24, 2015 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2015-3238 advisory

Open in Interactive Console →