CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-10041 – Pam: libpam: libpam vulnerable to read hashed password
https://notcve.org/view.php?id=CVE-2024-10041
23 Oct 2024 — A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications. This update for apparmor fixes the following issues. • https://access.redhat.com/security/cve/CVE-2024-10041 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-22365 – pam: allowing unprivileged user to block another user namespace
https://notcve.org/view.php?id=CVE-2024-22365
18 Jan 2024 — linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY. linux-pam (también conocido como Linux PAM) anterior a 1.6.0 permite a los atacantes provocar una denegación de servicio (proceso de inicio de sesión bloqueado) a través de mkfifo porque la llamada openat (para protect_dir) carece de O_DIRECTORY. A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a co... • http://www.openwall.com/lists/oss-security/2024/01/18/3 • CWE-277: Insecure Inherited Permissions CWE-664: Improper Control of a Resource Through its Lifetime •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-28321 – Ubuntu Security Notice USN-5825-2
https://notcve.org/view.php?id=CVE-2022-28321
19 Sep 2022 — The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream. El paquete Linux-PAM versiones anteriores a 1.5.2-... • http://download.opensuse.org/source/distribution/openSUSE-current/repo/oss/src • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27780 – Gentoo Linux Security Advisory 202012-06
https://notcve.org/view.php?id=CVE-2020-27780
07 Dec 2020 — A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate. Se encontró un fallo en Linux-Pam en versiones anteriores a 1.5.1 en la manera en que maneja contraseñas vacías para usuarios inexistentes. Cuando el usuario no existe, PAM intenta autenticarse con root y en el caso de una contraseña vacía, es autenticado con ... • https://bugzilla.redhat.com/show_bug.cgi?id=1901094 • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 3%CPEs: 2EXPL: 2CVE-2015-3238 – pam: DoS/user enumeration due to blocking pipe in pam_unix module
https://notcve.org/view.php?id=CVE-2015-3238
18 Aug 2015 — The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. Vulnerabilidad en la función _unix_run_helper_binary en el módulo pam_unix en Linux-PAM (también conocido como pam) en versiones anteriores a 1.2.1, cuando no es posible acceder directamente a las contraseñas, permite a usuarios locales enumerar los nombres de usuario o ca... • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161350.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2014-2583 – Ubuntu Security Notice USN-2935-1
https://notcve.org/view.php?id=CVE-2014-2583
10 Apr 2014 — Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function. Múltiples vulnerabilidades de salto de directorio en pam_timestamp.c en el módulo pam_timestamp para Linux-PAM (también conocido como pam) ... • http://secunia.com/advisories/57317 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 26EXPL: 0CVE-2011-3148 – (pam_env): Stack-based buffer overflow by parsing user's pam_environment file
https://notcve.org/view.php?id=CVE-2011-3148
24 Oct 2011 — Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file. Desbordamiento de búfer basado en pila en la función _assemble_line en modules/pam_env/ pam_env.c en Linux-PAM (también conocido como PAM) anterior a v1.1.5 permite a usuarios locales provocar una denegación de se... • http://git.fedorahosted.org/git/?p=linux-pam.git%3Ba=commitdiff%3Bh=caf5e7f61c8d9288daa49b4f61962e6b1239121d • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 26EXPL: 0CVE-2011-3149 – (pam_env): Infinite loop by expanding certain arguments
https://notcve.org/view.php?id=CVE-2011-3149
24 Oct 2011 — The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption). La función _expand_arg en el módulo pam_env (modules / pam_env / pam_env.c) en Linux-PAM (también conocido como pam) antes de v1.1.5 no controla correctamente cuando la expansión de la variable de entorno puede desbordarse, lo que permite a usuarios loc... • http://git.fedorahosted.org/git/?p=linux-pam.git%3Ba=commitdiff%3Bh=109823cb621c900c07c4b6cdc99070d354d19444 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 0CVE-2010-4706 – Gentoo Linux Security Advisory 201206-31
https://notcve.org/view.php?id=CVE-2010-4706
24 Jan 2011 — The pam_sm_close_session function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not properly handle a failure to determine a certain target uid, which might allow local users to delete unintended files by executing a program that relies on the pam_xauth PAM check. La función pam_sm_close_session en pam_xauth.c en el módulo pam_xauth en Linux-PAM (también conocido como pam) v1.1.2 y anteriores no maneja adecuadamente una característica para determinar un cierto objetivo... • http://git.altlinux.org/people/ldv/packages/?p=pam.git%3Ba=commit%3Bh=Linux-PAM-1_1_2-3-g05dafc06cd3dfeb7c4b24942e4e1ae33ff75a123 •
CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 0CVE-2010-4707 – pam: pam_xauth: Does not check if certain ACL file is a regular file
https://notcve.org/view.php?id=CVE-2010-4707
24 Jan 2011 — The check_acl function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not verify that a certain ACL file is a regular file, which might allow local users to cause a denial of service (resource consumption) via a special file. La función check_acl en pam_xauth.c en el módulo pam_xauth en Linux-PAM (también conocido como pam) v1.1.2 y anteriores no verifica adecuadamente que un cierto archivo ACL es un archivo regular, lo que permite que usuarios locales provoquen una den... • http://git.altlinux.org/people/ldv/packages/?p=pam.git%3Ba=commit%3Bh=Linux-PAM-1_1_2-2-gffe7058c70253d574b1963c7c93002bd410fddc9 • CWE-399: Resource Management Errors •