CVE-2024-22365

Опубликовано: 06 фев. 2024

Источник: debian

EPSS Низкий

Описание

linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
pam	fixed	1.5.3-2	experimental	package
pam	fixed	1.5.3-4		package
pam	no-dsa		bookworm	package
pam	no-dsa		bullseye	package
pam	no-dsa		buster	package

Примечания

https://www.openwall.com/lists/oss-security/2024/01/18/3
https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb (v1.6.0)

EPSS

Процентиль: 24%

0.00079

Низкий

Связанные уязвимости

CVE-2024-22365

CVSS3: 5.5

ubuntu

больше 1 года назад

linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.

CVE-2024-22365

CVSS3: 5.5

redhat

больше 1 года назад

linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.

CVE-2024-22365

CVSS3: 5.5

nvd

больше 1 года назад

linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.

CVE-2024-22365

CVSS3: 5.5

msrc

8 месяцев назад

Описание отсутствует

SUSE-SU-2024:0137-1

suse-cvrf

больше 1 года назад

Security update for pam

EPSS

Процентиль: 24%

0.00079

Низкий