Launchpad.net

CVE 2012-1502

Double free vulnerability in the PyPAM_conv in PAMmodule.c in PyPam 0.5.0 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a NULL byte in a password string.

Related bugs and status

CVE-2012-1502 (Candidate) is related to these bugs:

Bug #949218: Double free security issue

		In	Importance	Status
949218	Double free security issue	python-pam (Ubuntu)	Medium	Fix Released
949218	Double free security issue	python-pam (Ubuntu Lucid)	Medium	Fix Released
949218	Double free security issue	python-pam (Ubuntu Maverick)	Medium	Fix Released
949218	Double free security issue	python-pam (Ubuntu Precise)	Medium	Fix Released
949218	Double free security issue	python-pam (Ubuntu Oneiric)	Medium	Fix Released
949218	Double free security issue	python-pam (Ubuntu Natty)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.lsexperts.d...
DEBIAN: DSA-2430
SUSE: openSUSE-SU-2012:0487
UBUNTU: USN-1395-1
OSVDB: 79892
SECUNIA: 48312
SECUNIA: 48332
SECUNIA: 48746
GENTOO: GLSA-201507-09
XF: pypam-password-dos(73857)