854480 – (CVE-2013-7041) VUL-1: CVE-2013-7041: pam: password hashes aren't compared case-sensitively

Bug 854480 (CVE-2013-7041) - VUL-1: CVE-2013-7041: pam: password hashes aren't compared case-sensitively

Summary: VUL-1: CVE-2013-7041: pam: password hashes aren't compared case-sensitively

Status:	RESOLVED FIXED

Alias:	CVE-2013-7041

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Minor
Target Milestone:	---
Deadline:	2017-02-10
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/94516/
Whiteboard:	CVSSv2:NVD:CVE-2013-7041:4.3:(AV:N/AC...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2013-12-09 12:36 UTC by Sebastian Krahmer
Modified:	2019-05-21 14:42 UTC (History)
CC List:	6 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sebastian Krahmer 2013-12-09 12:36:23 UTC

pam_userdb issue probably doesnt qualify for instant update.

OSS:11640



References:
https://bugzilla.redhat.com/show_bug.cgi?id=1038555
http://comments.gmane.org/gmane.comp.security.oss.general/11640

Comment 1 Swamp Workflow Management 2013-12-09 23:00:41 UTC

bugbot adjusting priority

Comment 2 Sebastian Krahmer 2013-12-10 07:30:41 UTC

CVE-2013-7041

Comment 3 Sebastian Krahmer 2013-12-11 10:10:44 UTC

Can you check which products are affected? I'd assign these
for pending updates then. I dont think this qualifies for
immediate update as we dont have pam_userdb in a default setup.

Comment 9 Swamp Workflow Management 2016-06-21 14:08:23 UTC

SUSE-SU-2016:1645-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 854480,934920,962220
CVE References: CVE-2013-7041,CVE-2015-3238
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    pam-1.1.5-0.17.2
SUSE Linux Enterprise Server 11-SP4 (src):    pam-1.1.5-0.17.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    pam-1.1.5-0.17.2

Comment 14 Swamp Workflow Management 2017-01-13 14:15:13 UTC

An update workflow for this issue was started.
This issue was rated as low.
Please submit fixed packages until 2017-02-10.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63346

Comment 15 Johannes Segitz 2017-08-03 13:53:07 UTC

fixed in supported products