Updated: 2024-02-14 06:15:58.991365
Description:
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | 0 | |
CVSS Version 3.x | MEDIUM | 5.5 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
---|---|---|---|---|---|---|---|
AlmaLinux 9.2 ESU | pam | 1.5.1 | 5.5 | MEDIUM | Released | CLSA-2024:1718202007 | 2024-06-12 11:27:23 |
CentOS 6 ELS | pam | 1.1.1 | 5.5 | MEDIUM | Ignored | 2024-02-14 08:26:35 | |
CentOS 7 ELS | pam | 1.1.8 | 5.5 | MEDIUM | Ignored | 2024-02-14 04:09:07 | |
CentOS 8.4 ELS | pam | 1.3.1 | 5.5 | MEDIUM | Released | CLSA-2024:1719569368 | 2024-06-28 10:18:55 |
CentOS 8.5 ELS | pam | 1.3.1 | 5.5 | MEDIUM | Released | CLSA-2024:1718796961 | 2024-06-19 10:15:30 |
CentOS Stream 8 ELS | pam | 1.3.1 | 5.5 | MEDIUM | Ignored | 2024-05-10 10:14:43 | |
CloudLinux 6 ELS | pam | 1.1.1 | 5.5 | MEDIUM | Ignored | 2024-02-14 08:26:35 | |
CloudLinux 7 ELS | pam | 1.1.8 | 5.5 | MEDIUM | Ignored | 2024-07-22 12:05:50 | |
Oracle Linux 6 ELS | pam | 1.1.1 | 5.5 | MEDIUM | Ignored | 2024-02-14 08:26:34 | |
Ubuntu 16.04 ELS | pam | 1.1.8-3.2 | 5.5 | MEDIUM | Released | CLSA-2024:1712671933 | 2024-04-09 11:14:03 |