CVE-2024-22365 – pam: allowing unprivileged user to block another user namespace
https://notcve.org/view.php?id=CVE-2024-22365
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY. linux-pam (también conocido como Linux PAM) anterior a 1.6.0 permite a los atacantes provocar una denegación de servicio (proceso de inicio de sesión bloqueado) a través de mkfifo porque la llamada openat (para protect_dir) carece de O_DIRECTORY. A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service. • http://www.openwall.com/lists/oss-security/2024/01/18/3 https://github.com/linux-pam/linux-pam https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0 https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 • CWE-277: Insecure Inherited Permissions •
CVE-2022-28321
https://notcve.org/view.php?id=CVE-2022-28321
The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream. El paquete Linux-PAM versiones anteriores a 1.5.2-6.1 para openSUSE Tumbleweed, permite omitir la autenticación en los inicios de sesión SSH. • http://download.opensuse.org/source/distribution/openSUSE-current/repo/oss/src https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://www.suse.com/security/cve/CVE-2022-28321.html • CWE-287: Improper Authentication •
CVE-2020-27780
https://notcve.org/view.php?id=CVE-2020-27780
A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate. Se encontró un fallo en Linux-Pam en versiones anteriores a 1.5.1 en la manera en que maneja contraseñas vacías para usuarios inexistentes. Cuando el usuario no existe, PAM intenta autenticarse con root y en el caso de una contraseña vacía, es autenticado con éxito • https://bugzilla.redhat.com/show_bug.cgi?id=1901094 • CWE-287: Improper Authentication •