
CVE-2024-22365 – pam: allowing unprivileged user to block another user namespace
https://notcve.org/view.php?id=CVE-2024-22365
18 Jan 2024 — linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY. A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a co... • http://www.openwall.com/lists/oss-security/2024/01/18/3 • CWE-277: Insecure Inherited Permissions •

CVE-2022-28321 – Ubuntu Security Notice USN-5825-2
https://notcve.org/view.php?id=CVE-2022-28321
19 Sep 2022 — The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream. • http://download.opensuse.org/source/distribution/openSUSE-current/repo/oss/src • CWE-287: Improper Authentication •

CVE-2018-17953 – pam_access does not handle netmask matches correctly
https://notcve.org/view.php?id=CVE-2018-17953
27 Nov 2018 — An incorrect variable in a SUSE-specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open). • https://bugzilla.suse.com/show_bug.cgi?id=1115640 • CWE-284: Improper Access Control •