Описание
[Access control bypass due to improper hostname canonicalization]
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| util-linux | fixed | 2.42~rc1-1 | experimental | package |
| util-linux | unfixed | package | ||
| util-linux | no-dsa | trixie | package | |
| util-linux | ignored | bookworm | package | |
| util-linux | ignored | bullseye | package |
Примечания
https://bugzilla.redhat.com/show_bug.cgi?id=2442570
Fixed by: https://github.com/util-linux/util-linux/commit/8b29aeb081e297e48c4c1ac53d88ae07e1331984 (v2.42-rc1)
Связанные уязвимости
CVSS3: 3.7
redhat
около 1 месяца назад
A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.
