CVE-2024-10963

Updated: 2024-11-26 11:46:54.213223

Description:

A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.


Severity

| Version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | HIGH | 7.4 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | pam | 1.5.1 | 7.4 | HIGH | In Progress | | 2024-12-04 12:05:00 | |
| CentOS 8.4 ELS | pam | 1.3.1 | 7.4 | HIGH | Not Vulnerable | | 2024-12-03 12:10:08 | |
| CentOS 8.5 ELS | pam | 1.3.1 | 7.4 | HIGH | Not Vulnerable | | 2024-12-02 09:52:56 | |
| CentOS Stream 8 ELS | pam | 1.3.1 | 7.4 | HIGH | Released | CLSA-2024:1733245591 | 2024-12-03 12:10:08 | |