CVE-2013-7041
Published: 8 May 2014
The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack.
Notes
Author | Note |
---|---|
mdeslaur | see additional comments in oss-security thread |
Priority
Status
Package | Release | Status |
---|---|---|
pam Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Released
(1.1.3-7ubuntu2.1)
|
|
quantal |
Ignored
(end of life)
|
|
raring |
Ignored
(end of life)
|
|
saucy |
Ignored
(end of life)
|
|
trusty |
Released
(1.1.8-1ubuntu2.1)
|
|
upstream |
Released
(1.1.8-3.1)
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Not vulnerable
(1.1.8-3.1ubuntu3)
|
|
wily |
Not vulnerable
(1.1.8-3.1ubuntu3)
|
|
Patches: vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731368 |