This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
The remote Oracle Linux host is missing one or more security updates.
From Red Hat Security Advisory 2015:1640 :
An updated pam package that fixes one security issue is now available
for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Pluggable Authentication Modules (PAM) provide a system whereby
administrators can set up authentication policies without having to
recompile programs to handle authentication.
It was discovered that the _unix_run_helper_binary() function of PAM's
unix_pam module could write to a blocking pipe, possibly causing the
function to become unresponsive. An attacker able to supply large
passwords to the unix_pam module could use this flaw to enumerate
valid user accounts, or cause a denial of service on the system.
Red Hat would like to thank Sebastien Macke of Trustwave SpiderLabs
for reporting this issue.
All pam users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.
See also :
Update the affected pam packages.
Risk factor :
Medium / CVSS Base Score : 5.8
CVSS Temporal Score : 4.8
Public Exploit Available : true