Updated: 2024-11-26 11:46:54.213223
Description:
A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | 0 | |
CVSS Version 3.x | HIGH | 7.4 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
AlmaLinux 9.2 ESU | pam | 1.5.1 | 7.4 | HIGH | In Progress | 2024-12-04 12:05:00 | ||
CentOS 8.4 ELS | pam | 1.3.1 | 7.4 | HIGH | Not Vulnerable | 2024-12-03 12:10:08 | ||
CentOS 8.5 ELS | pam | 1.3.1 | 7.4 | HIGH | Not Vulnerable | 2024-12-02 09:52:56 | ||
CentOS Stream 8 ELS | pam | 1.3.1 | 7.4 | HIGH | Released | CLSA-2024:1733245591 | 2024-12-03 12:10:08 |