GLSA-201402-12 : PAM S/Key: Information disclosure

medium Nessus Plugin ID 72413

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-201402-12 (PAM S/Key: Information disclosure)

Ulrich Müller reported that a Gentoo patch to PAM S/Key does not remove credentials provided by the user from memory.

Impact:

A local attacker with privileged access could inspect a memory dump to gain access to cleartext credentials provided by users.

Workaround:

There is no known workaround at this time.

Solution

All PAM S/Key users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=sys-auth/pam_skey-1.1.5-r5'

See Also

http://www.gentoo.org/security/en/glsa/glsa-201402-12.xml

Plugin Details

Severity: Medium

ID: 72413

File Name: gentoo_GLSA-201402-12.nasl

Version: 1.6

Type: local

Published: 2/10/2014

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.7

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:pam_skey, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 2/9/2014

Reference Information

CVE: CVE-2013-4285

GLSA: 201402-12