Описание
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with pam_namespace configured will cause the openat() in protect_dir() to block the attempt, causing a local denial of service.
Отчет
Red Hat rates this as Moderate, as this vulnerability needs a non-default configuration in order to be explored by a malicious user. Also, the attack is local and the Denial of Service happens to a single user.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | pam | Out of support scope | ||
| Red Hat Enterprise Linux 8 | pam | Fixed | RHSA-2024:3163 | 22.05.2024 |
| Red Hat Enterprise Linux 9 | pam | Fixed | RHSA-2024:2438 | 30.04.2024 |
| Red Hat Enterprise Linux 9 | pam | Fixed | RHSA-2024:2438 | 30.04.2024 |
Показывать по
Дополнительная информация
Статус:
5.5 Medium
CVSS3
Связанные уязвимости
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a den ...
5.5 Medium
CVSS3