Advisory ID

12023

Release date

2015-11-24

Last Updated

2015-11-26

Issue Severity

NO IMPACT

Source

US-CERT/NIS

Release date

2015-08-24

CVSS v2 Base Score

5.8 (MEDIUM)

Problem Description

It was discovered that the _unix_run_helper_binary() function of PAM's pam_unix module could write to a blocking pipe, possibly causing the function to become unresponsive. An attacker able to supply large passwords to the pam_unix module could use this flaw to enumerate valid user accounts, or cause a denial of service on the system.

Find more about CVE-2015-3238 from MITRE CVE directory and NIST NVD.
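
The blocking-pipe condition described above, shown as an added C example that is not Linux-PAM or FoxT code: it measures when a write to an undrained pipe would block, and bounds the input before writing. The names `pipe_write_would_block` and `send_secret` and the 512-byte `MAX_SECRET_LEN` cap are assumptions chosen for this illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define MAX_SECRET_LEN 512  /* assumed cap, chosen for this example */

/* Returns 1 if writing len bytes to a pipe that nobody drains would block,
 * 0 if the kernel pipe buffer absorbs it, -1 on error. The write end is
 * O_NONBLOCK so the would-block condition shows up as EAGAIN, not a hang. */
int pipe_write_would_block(size_t len)
{
    int fds[2];
    char chunk[4096];
    int result = 0;

    if (pipe(fds) != 0)
        return -1;
    if (fcntl(fds[1], F_SETFL, O_NONBLOCK) != 0)
        result = -1;
    memset(chunk, 'A', sizeof(chunk));
    while (result == 0 && len > 0) {
        size_t want = len < sizeof(chunk) ? len : sizeof(chunk);
        ssize_t n = write(fds[1], chunk, want);
        if (n < 0) {
            result = (errno == EAGAIN || errno == EWOULDBLOCK) ? 1 : -1;
            break;
        }
        len -= (size_t)n;
    }
    close(fds[0]);  /* read end stayed open throughout, so no SIGPIPE */
    close(fds[1]);
    return result;
}

/* Bounded sender: refuse oversized input before touching the pipe. */
int send_secret(int fd, const char *secret, size_t len)
{
    if (len > MAX_SECRET_LEN)
        return -1;
    return write(fd, secret, len) == (ssize_t)len ? 0 : -1;
}

int main(void)
{
    printf("512 B would block: %d\n", pipe_write_would_block(512));
    printf("4 MiB would block: %d\n", pipe_write_would_block(4u << 20));
}
```
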

Impact

According to the description, this is only a problem if the pam_unix module asks for a password. Because boks_sshd does not handle password authentication (or any other type of authentication) via PAM, boks_sshd is not vulnerable to this.

Affected Products

No FoxT product is affected by this vulnerability.

Workaround

N/A

Obtaining Fixed Software

N/A

External References

OpenSSH: Linux-PAM 1.2.1 released to address CVE-2015-3238









Last Modified On: May 25, 2018