Описание
In OpenSC pam_pkcs11 before 0.6.13, pam_sm_authenticate() wrongly returns PAM_IGNORE in many error situations (such as an error triggered by a smartcard before login), allowing authentication bypass.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| pam-pkcs11 | fixed | 0.6.13-1 | package | |
| pam-pkcs11 | not-affected | bullseye | package |
Примечания
https://www.openwall.com/lists/oss-security/2025/02/06/3
Introduced with: https://github.com/OpenSC/pam_pkcs11/commit/bac6cf8e0b242e508e8b715e7f78d52f1227840a (pam_pkcs11-0.6.12)
Fixed by: https://github.com/OpenSC/pam_pkcs11/commit/2ecba68d404c3112546a9e802e3776b9f6c50a6a (pam_pkcs11-0.6.13)
Связанные уязвимости
In OpenSC pam_pkcs11 before 0.6.13, pam_sm_authenticate() wrongly returns PAM_IGNORE in many error situations (such as an error triggered by a smartcard before login), allowing authentication bypass.
In OpenSC pam_pkcs11 before 0.6.13, pam_sm_authenticate() wrongly returns PAM_IGNORE in many error situations (such as an error triggered by a smartcard before login), allowing authentication bypass.
Уязвимость функции pam_sm_authenticate() модуля аутентификации PAM-PKCS#11 операционных систем Linux, позволяющая нарушителю обойти процедуру аутентификации и получить несанкционированный доступ к защищаемой информации
