CVE-2024-22365

Updated: 2024-02-14 06:15:58.991365

Description:

linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | MEDIUM | 5.5 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | pam | 1.5.1 | 5.5 | MEDIUM | Released | CLSA-2024:1718202007 | 2024-06-12 11:27:23 |
| CentOS 6 ELS | pam | 1.1.1 | 5.5 | MEDIUM | Ignored | | 2024-02-14 08:26:35 |
| CentOS 7 ELS | pam | 1.1.8 | 5.5 | MEDIUM | Ignored | | 2024-02-14 04:09:07 |
| CentOS 8.4 ELS | pam | 1.3.1 | 5.5 | MEDIUM | Released | CLSA-2024:1719569368 | 2024-06-28 10:18:55 |
| CentOS 8.5 ELS | pam | 1.3.1 | 5.5 | MEDIUM | Released | CLSA-2024:1718796961 | 2024-06-19 10:15:30 |
| CentOS Stream 8 ELS | pam | 1.3.1 | 5.5 | MEDIUM | Ignored | | 2024-05-10 10:14:43 |
| CloudLinux 6 ELS | pam | 1.1.1 | 5.5 | MEDIUM | Ignored | | 2024-02-14 08:26:35 |
| CloudLinux 7 ELS | pam | 1.1.8 | 5.5 | MEDIUM | Ignored | | 2024-07-22 12:05:50 |
| Oracle Linux 6 ELS | pam | 1.1.1 | 5.5 | MEDIUM | Ignored | | 2024-02-14 08:26:34 |
| Ubuntu 16.04 ELS | pam | 1.1.8-3.2 | 5.5 | MEDIUM | Released | CLSA-2024:1712671933 | 2024-04-09 11:14:03 |
Total: 11