CVE-2012-1502

Double free vulnerability in the PyPAM_conv in PAMmodule.c in PyPam 0.5.0 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a NULL byte in a password string.

🔗 References (20)

• cve@mitrehttp://lists.opensuse.org/opensuse-updates/2012-04/msg00027.html
• cve@mitrehttp://secunia.com/advisories/48312
• cve@mitrehttp://secunia.com/advisories/48332
• cve@mitrehttp://secunia.com/advisories/48746
• cve@mitrehttp://ubuntu.com/usn/usn-1395-1
• cve@mitrehttp://www.debian.org/security/2012/dsa-2430
• cve@mitrehttp://www.lsexperts.de/advisories/lse-2012-03-01.txt
• cve@mitrehttp://www.osvdb.org/79892
• cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/73857
• cve@mitrehttps://security.gentoo.org/glsa/201507-09
• af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2012-04/msg00027.html
• af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48312
• af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48332
• af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48746
• af854a3a-2127-422b-91ae-364da2661108http://ubuntu.com/usn/usn-1395-1