ALT Linux Team

Package linux-pam update in c10f2 on 2024-07-01

ALT-PU-2024-9044-3

Package linux-pam updated to version 1.6.1-alt1 for branch c10f2 in task 350872.

Closed vulnerabilities

Published: 2024-01-09

BDU:2024-00829

Уязвимость функции protect_dir (pam_namespace.so) модуля аутентификации Linux-PAM, позволяющая нарушителю вызвать отказ в обслуживании

Severity: LOW (3.3) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Severity: LOW (1.7) Vector: AV:L/AC:L/Au:S/C:N/I:N/A:P
References:
Published: 2024-02-06
Modified: 2025-06-05

CVE-2024-22365

linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top