CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

18 Jan 2024 — linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY. A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a co... • http://www.openwall.com/lists/oss-security/2024/01/18/3 • CWE-277: Insecure Inherited Permissions

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

19 Sep 2022 — The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream. • http://download.opensuse.org/source/distribution/openSUSE-current/repo/oss/src • CWE-287: Improper Authentication

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Dec 2020 — A flaw was found in Linux-PAM in versions prior to 1.5.1 in the way it handles empty passwords for non-existing users. When the user doesn't exist, PAM tries to authenticate with root, and in the case of an empty password it successfully authenticates. • https://bugzilla.redhat.com/show_bug.cgi?id=1901094 • CWE-287: Improper Authentication