CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-22365 – pam: allowing unprivileged user to block another user namespace
https://notcve.org/view.php?id=CVE-2024-22365
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY. linux-pam (también conocido como Linux PAM) anterior a 1.6.0 permite a los atacantes provocar una denegación de servicio (proceso de inicio de sesión bloqueado) a través de mkfifo porque la llamada openat (para protect_dir) carece de O_DIRECTORY. A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service. • http://www.openwall.com/lists/oss-security/2024/01/18/3 https://github.com/linux-pam/linux-pam https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0 https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 • CWE-277: Insecure Inherited Permissions •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-28321
https://notcve.org/view.php?id=CVE-2022-28321
The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream. El paquete Linux-PAM versiones anteriores a 1.5.2-6.1 para openSUSE Tumbleweed, permite omitir la autenticación en los inicios de sesión SSH. • http://download.opensuse.org/source/distribution/openSUSE-current/repo/oss/src https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://www.suse.com/security/cve/CVE-2022-28321.html • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 2CVE-2015-3238 – pam: DoS/user enumeration due to blocking pipe in pam_unix module
https://notcve.org/view.php?id=CVE-2015-3238
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. Vulnerabilidad en la función _unix_run_helper_binary en el módulo pam_unix en Linux-PAM (también conocido como pam) en versiones anteriores a 1.2.1, cuando no es posible acceder directamente a las contraseñas, permite a usuarios locales enumerar los nombres de usuario o causar una denegación de servicio (colgado) a través de una contraseña larga. It was discovered that the _unix_run_helper_binary() function of PAM's unix_pam module could write to a blocking pipe, possibly causing the function to become unresponsive. An attacker able to supply large passwords to the unix_pam module could use this flaw to enumerate valid user accounts, or cause a denial of service on the system. • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161350.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/161249.html http://rhn.redhat.com/errata/RHSA-2015-1640.html http://www.openwall.com/lists/oss-security/2015/06/25/13 http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html http://www.securityfocus.com/bid/75428 http://www.ubuntu.com/usn/USN-2935-1 http://www.ubuntu.com/usn/USN-2935-2 http://www.ubuntu.co • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 4.6EPSS: 0%CPEs: 26EXPL: 0CVE-2011-3148 – (pam_env): Stack-based buffer overflow by parsing user's pam_environment file
https://notcve.org/view.php?id=CVE-2011-3148
Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file. Desbordamiento de búfer basado en pila en la función _assemble_line en modules/pam_env/ pam_env.c en Linux-PAM (también conocido como PAM) anterior a v1.1.5 permite a usuarios locales provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de una larga cadena de los espacios en blanco al principio del archivo ~/.pam_environment. • http://git.fedorahosted.org/git/?p=linux-pam.git%3Ba=commitdiff%3Bh=caf5e7f61c8d9288daa49b4f61962e6b1239121d http://secunia.com/advisories/46583 http://secunia.com/advisories/49711 http://security.gentoo.org/glsa/glsa-201206-31.xml http://www.ubuntu.com/usn/USN-1237-1 https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874469 https://access.redhat.com/security/cve/CVE-2011-3148 https://bugzilla.redhat.com/show_bug.cgi?id=746619 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 2.1EPSS: 0%CPEs: 26EXPL: 0CVE-2011-3149 – (pam_env): Infinite loop by expanding certain arguments
https://notcve.org/view.php?id=CVE-2011-3149
The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption). La función _expand_arg en el módulo pam_env (modules / pam_env / pam_env.c) en Linux-PAM (también conocido como pam) antes de v1.1.5 no controla correctamente cuando la expansión de la variable de entorno puede desbordarse, lo que permite a usuarios locales provocar una denegación de servicio (el consumo de CPU). • http://git.fedorahosted.org/git/?p=linux-pam.git%3Ba=commitdiff%3Bh=109823cb621c900c07c4b6cdc99070d354d19444 http://secunia.com/advisories/46583 http://secunia.com/advisories/49711 http://security.gentoo.org/glsa/glsa-201206-31.xml http://www.ubuntu.com/usn/USN-1237-1 https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874565 https://access.redhat.com/security/cve/CVE-2011-3149 https://bugzilla.redhat.com/show_bug.cgi?id=746620 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •