Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-10041

Опубликовано: 23 окт. 2024
Источник: debian
EPSS Низкий

Описание

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
pamfixed1.7.0-1experimentalpackage
pamfixed1.7.0-2package
pamno-dsabookwormpackage
pampostponedbullseyepackage

Примечания

  • https://bugzilla.redhat.com/show_bug.cgi?id=2319212

  • https://github.com/linux-pam/linux-pam/issues/846

  • https://github.com/linux-pam/linux-pam/pull/686

  • https://github.com/linux-pam/linux-pam/commit/b3020da7da384d769f27a8713257fbe1001878be (v1.6.0)

EPSS

Процентиль: 6%
0.00029
Низкий

Связанные уязвимости

CVSS3: 4.7
ubuntu
9 месяцев назад

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.

CVSS3: 4.7
redhat
9 месяцев назад

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.

CVSS3: 4.7
nvd
9 месяцев назад

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.

CVSS3: 4.7
msrc
6 месяцев назад

Описание отсутствует

suse-cvrf
2 месяца назад

Security update for apparmor

EPSS

Процентиль: 6%
0.00029
Низкий