CVE-2024-22365

Updated: 2024-02-14 06:15:58.991365

Description:

linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.



Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | MEDIUM | 5.5 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | pam | 1.5.1 | 5.5 | MEDIUM | Ignored | | 2024-02-14 04:09:07 |
| CentOS 6 ELS | pam | 1.1.1 | 5.5 | MEDIUM | Ignored | | 2024-02-14 08:26:35 |
| CentOS 7 ELS | pam | 1.1.8 | 5.5 | MEDIUM | Ignored | | 2024-02-14 04:09:07 |
| CentOS 8.4 ELS | pam | 1.3.1 | 5.5 | MEDIUM | Ignored | | 2024-02-14 08:26:33 |
| CentOS 8.5 ELS | pam | 1.3.1 | 5.5 | MEDIUM | Ignored | | 2024-02-14 08:26:32 |
| CloudLinux 6 ELS | pam | 1.1.1 | 5.5 | MEDIUM | Ignored | | 2024-02-14 08:26:35 |
| Oracle Linux 6 ELS | pam | 1.1.1 | 5.5 | MEDIUM | Ignored | | 2024-02-14 08:26:34 |
| Ubuntu 16.04 ELS | pam | 1.1.8-3.2 | 5.5 | MEDIUM | Released | CLSA-2024:1712671933 | 2024-04-09 11:14:03 |
| Ubuntu 18.04 ELS | pam | 1.1.8-3.6 | 5.5 | MEDIUM | Released | CLSA-2024:1713333823 | 2024-04-17 05:09:52 |