Vulnerability Name: CVE-2012-1502 (CCN-73857)

Assigned: 2012-03-08
Published: 2012-03-08
Updated: 2017-08-29
Summary: Double free vulnerability in the PyPAM_conv function in PAMmodule.c in PyPam 0.5.0 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a NULL byte in a password string.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-399
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2012-1502

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2012:0487

Source: CCN
Type: Packetstorm Security Website
PyPAM 0.4.2 Double-Free Corruption

Source: SECUNIA
Type: Vendor Advisory
48312

Source: SECUNIA
Type: Vendor Advisory
48332

Source: SECUNIA
Type: Vendor Advisory
48746

Source: UBUNTU
Type: UNKNOWN
USN-1395-1

Source: DEBIAN
Type: UNKNOWN
DSA-2430

Source: DEBIAN
Type: DSA-2430
python-pam -- double free

Source: MISC
Type: Exploit
http://www.lsexperts.de/advisories/lse-2012-03-01.txt

Source: OSVDB
Type: UNKNOWN
79892

Source: CCN
Type: OSVDB ID: 79892
Python Bindings for PAM (PyPAM) PAMmodule.c PyPAM_conv() Function NULL-byte Password Authentication Request Parsing Double-free Remote Code Execution

Source: CCN
Type: BID-52370
PyPAM Password Null Byte Handling Dereference Denial Of Service Vulnerability

Source: CCN
Type: USN-1395-1
PyPAM vulnerability

Source: XF
Type: UNKNOWN
pypam-password-dos(73857)

Source: GENTOO
Type: UNKNOWN
GLSA-201507-09

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [03-10-2012]

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:pypam:pypam:*:*:*:*:*:*:*:* (Version <= 0.5.0)

  • * Denotes that component is vulnerable
    Oval Definitions:
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:42429
    P
    Security update for harfbuzz (Important)
    2022-08-04
    oval:org.opensuse.security:def:20121502
    V
    CVE-2012-1502
    2022-05-20
    oval:org.opensuse.security:def:29463
    P
    Security update for xorg-x11-server (Important)
    2021-12-20
    oval:org.opensuse.security:def:32242
    P
    Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)
    2021-12-14
    oval:org.opensuse.security:def:26172
    P
    Security update for webkit2gtk3 (Important)
    2021-11-23
    oval:org.opensuse.security:def:31706
    P
    Security update for postgresql96 (Important)
    2021-11-22
    oval:org.opensuse.security:def:32203
    P
    Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) (Important)
    2021-10-18
    oval:org.opensuse.security:def:26148
    P
    Security update for javapackages-tools, javassist, mysql-connector-java, protobuf, python-python-gflags (Important)
    2021-10-15
    oval:org.opensuse.security:def:32201
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:33004
    P
    Security update for transfig (Moderate)
    2021-09-16
    oval:org.opensuse.security:def:26115
    P
    Security update for libesmtp (Important)
    2021-09-02
    oval:org.opensuse.security:def:29414
    P
    Security update for aspell (Important)
    2021-08-25
    oval:org.opensuse.security:def:30239
    P
    Security update for aspell (Important)
    2021-08-25
    oval:org.opensuse.security:def:32985
    P
    Security update for openssl (Important)
    2021-08-24
    oval:org.opensuse.security:def:32154
    P
    Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)
    2021-07-27
    oval:org.opensuse.security:def:32946
    P
    Security update for freeradius-server (Moderate)
    2021-06-11
    oval:org.opensuse.security:def:36281
    P
    python-pam-0.5.0-3.20.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:42688
    P
    python-pam-0.5.0-3.20.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:29360
    P
    Security update for avahi (Important)
    2021-06-03
    oval:org.opensuse.security:def:30202
    P
    Security update for libwebp (Critical)
    2021-06-02
    oval:org.opensuse.security:def:31747
    P
    Security update for nghttp2 (Important)
    2021-03-24
    oval:org.opensuse.security:def:31748
    P
    Security update for openssl (Moderate)
    2021-03-24
    oval:org.opensuse.security:def:33099
    P
    Security update for python36 (Moderate)
    2021-03-19
    oval:org.opensuse.security:def:32264
    P
    Security update for perl-XML-Twig (Moderate)
    2021-03-01
    oval:org.opensuse.security:def:26201
    P
    Security update for java-1_8_0-ibm (Important)
    2021-02-26
    oval:org.opensuse.security:def:26034
    P
    Security update for openldap2 (Moderate)
    2021-01-14
    oval:org.opensuse.security:def:32114
    P
    Security update for java-1_7_1-ibm (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:32098
    P
    Security update for dovecot22 (Important)
    2021-01-04
    oval:org.opensuse.security:def:36022
    P
    python-pam-0.5.0-3.20.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:25647
    P
    Security update for freetype2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:32567
    P
    libsndfile on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32779
    P
    qt3 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26256
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:25913
    P
    Security update for tcpdump, libpcap (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29502
    P
    Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26509
    P
    Security update for cacti, cacti-spine (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31833
    P
    Security update for bind (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31500
    P
    Security update for python-paramiko (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33243
    P
    python-lxml on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26606
    P
    libvirt on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28769
    P
    Security update for libssh2
    2020-12-01
    oval:org.opensuse.security:def:26303
    P
    Security update for dnsmasq (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25830
    P
    Security update for libimobiledevice, usbmuxd (Important)
    2020-12-01
    oval:org.opensuse.security:def:31798
    P
    Security update for OpenEXR (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33506
    P
    Security update for openslp
    2020-12-01
    oval:org.opensuse.security:def:28980
    P
    Security update for tidy (Low)
    2020-12-01
    oval:org.opensuse.security:def:32413
    P
    Security update for wireshark (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27020
    P
    python-pam on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25906
    P
    Security update for sane-backends (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33613
    P
    Security update for xorg-x11-server (Important)
    2020-12-01
    oval:org.opensuse.security:def:25583
    P
    Security update for python36 (Important)
    2020-12-01
    oval:org.opensuse.security:def:29207
    P
    Security update for openssl (Important)
    2020-12-01
    oval:org.opensuse.security:def:32523
    P
    gnutls on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32778
    P
    pyxml on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25856
    P
    Security update for gd (Important)
    2020-12-01
    oval:org.opensuse.security:def:33244
    P
    python-pam on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32869
    P
    glib2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26460
    P
    Security update for chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:31759
    P
    Security update for LibVNCServer (Important)
    2020-12-01
    oval:org.opensuse.security:def:29564
    P
    Security update for OpenEXR (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31489
    P
    Security update for python (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33156
    P
    libjasper on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26562
    P
    gtk2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28768
    P
    Security update for net-snmp
    2020-12-01
    oval:org.opensuse.security:def:32057
    P
    Security update for kvm (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26289
    P
    Security update for sane-backends (Important)
    2020-12-01
    oval:org.opensuse.security:def:33457
    P
    Security update for ipsec-tools
    2020-12-01
    oval:org.opensuse.security:def:27279
    P
    python-pam on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28849
    P
    Security update for xalan-j2
    2020-12-01
    oval:org.opensuse.security:def:32357
    P
    Security update for squid3 (Important)
    2020-12-01
    oval:org.opensuse.security:def:26985
    P
    logrotate on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25842
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:31942
    P
    Security update for gnome-session (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33569
    P
    Security update for LibVNCServer (Important)
    2020-12-01
    oval:org.opensuse.security:def:25572
    P
    Security update for grub2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:29123
    P
    Security update for java-1_7_0-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:32501
    P
    dbus-1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:34291
    P
    Security update for python-pam
    2020-12-01
    oval:org.opensuse.security:def:25775
    P
    Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:33205
    P
    mipv6d on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32790
    P
    sysconfig on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26407
    P
    Security update for libmad (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32308
    P
    Security update for python-numpy (Important)
    2020-12-01
    oval:org.opensuse.security:def:25997
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:29520
    P
    Security update for LibVNCServer (Critical)
    2020-12-01
    oval:org.opensuse.security:def:31488
    P
    Security update for python (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26548
    P
    freetype2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31965
    P
    Security update for icu (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26250
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:31574
    P
    Security update for strongswan (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33400
    P
    Security update for salt (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27244
    P
    mutt on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28780
    P
    Security update for libxml2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26347
    P
    Security update for jq (Low)
    2020-12-01
    oval:org.opensuse.security:def:25831
    P
    Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:31855
    P
    Security update for crash (Low)
    2020-12-01
    oval:org.opensuse.security:def:33545
    P
    Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25571
    P
    Security update for webkit2gtk3 (Important)
    2020-12-01
    oval:org.opensuse.security:def:29066
    P
    Security update for clamav (Important)
    2020-12-01
    oval:org.opensuse.security:def:32462
    P
    Security update for xorg-x11-libXfixes (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:34251
    P
    Security update for postgresql10 (Important)
    2020-12-01
    oval:org.mitre.oval:def:14895
    P
    USN-1395-1 -- PyPAM vulnerability
    2014-06-30
    oval:org.mitre.oval:def:14779
    P
    DSA-2430-1 python-pam -- double free
    2014-06-23