exploitDog

CVE-2024-22365

Published: 18 Jan 2024
Source: redhat
CVSS3: 5.5
EPSS: Low

Description

linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.

A vulnerability was found in Linux PAM (pam_namespace). An unprivileged user who is not yet inside the corresponding mount namespace, and whose ~/tmp is configured as a polyinstantiated directory, can place a FIFO at the path where pam_namespace expects a directory. A subsequent login as that user with pam_namespace configured makes the openat() call in protect_dir() open the FIFO instead of a directory; because no writer is present, the open blocks indefinitely and the login is never completed. The result is a local denial of service.
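The failure mode above can be reproduced without PAM at all, because it is a property of openat() itself: opening a FIFO read-only with no writer blocks, while O_DIRECTORY makes the kernel reject a non-directory with ENOTDIR before any FIFO semantics apply. The program below is an added example written for this page; it is not the Linux-PAM source. open_component() and fifo_in_place_of_dir() are hypothetical helpers that only mirror the per-component openat() pattern of protect_dir() (the mkdirat/ownership logic of the real function is omitted). The scratch directory under /tmp and the "tmp" FIFO inside it are constructed for the demonstration. The open is done in a forked child so a blocking open can be observed and killed rather than hanging the caller.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Result of trying to open one path component relative to a directory fd. */
enum open_result { OPEN_OK, OPEN_NOTDIR, OPEN_BLOCKED, OPEN_FAILED };

/*
 * Hypothetical stand-in for the per-component openat() loop in protect_dir()
 * (not the upstream code). want_dir == 0 opens with plain O_RDONLY, as the
 * vulnerable versions did; want_dir == 1 adds O_DIRECTORY, the class of fix
 * the NVD description refers to. The open runs in a child so that a blocking
 * open (a FIFO with no writer) is detected instead of hanging the caller.
 */
static enum open_result open_component(int dfd, const char *name, int want_dir)
{
    int flags = O_RDONLY | O_CLOEXEC;
    if (want_dir)
        flags |= O_DIRECTORY;

    pid_t pid = fork();
    if (pid < 0)
        return OPEN_FAILED;
    if (pid == 0) {
        int fd = openat(dfd, name, flags);
        if (fd >= 0)
            _exit(0);
        _exit(errno == ENOTDIR ? 2 : 1);
    }

    /* Poll for up to ~1 s; an open of a local directory returns instantly. */
    for (int i = 0; i < 20; i++) {
        int status;
        if (waitpid(pid, &status, WNOHANG) == pid) {
            if (!WIFEXITED(status))
                return OPEN_FAILED;
            switch (WEXITSTATUS(status)) {
            case 0:  return OPEN_OK;
            case 2:  return OPEN_NOTDIR;
            default: return OPEN_FAILED;
            }
        }
        usleep(50 * 1000);
    }
    /* Child is still inside openat(): this is the login-blocking case. */
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    return OPEN_BLOCKED;
}

/*
 * Build the attacker's precondition in a constructed scratch directory: where
 * the polyinstantiation code expects a directory named "tmp", plant a FIFO.
 * Returns what openat() does on it, with or without O_DIRECTORY.
 */
enum open_result fifo_in_place_of_dir(int want_dir)
{
    char base[] = "/tmp/pam_fifo_demo.XXXXXX";   /* constructed, not real PAM state */
    char fifo[sizeof(base) + 4];
    enum open_result res = OPEN_FAILED;

    if (mkdtemp(base) == NULL)
        return OPEN_FAILED;
    snprintf(fifo, sizeof(fifo), "%s/tmp", base);

    int dfd = open(base, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (dfd >= 0 && mkfifo(fifo, 0600) == 0) {
        res = open_component(dfd, "tmp", want_dir);
        unlink(fifo);
    }
    if (dfd >= 0)
        close(dfd);
    rmdir(base);
    return res;
}

int main(void)
{
    static const char *names[] = { "opened", "ENOTDIR", "blocked", "failed" };
    printf("openat(O_RDONLY)             on FIFO: %s\n", names[fifo_in_place_of_dir(0)]);
    printf("openat(O_RDONLY|O_DIRECTORY) on FIFO: %s\n", names[fifo_in_place_of_dir(1)]);
    return 0;
}
```

Without O_DIRECTORY the child never returns from openat() and has to be killed, which is exactly what happens to the login process in the real bug, except that nothing kills it there. With O_DIRECTORY the same call fails immediately with ENOTDIR, so the error is reported instead of the session hanging. The same check is worth applying to any privileged code that walks a user-controlled directory tree component by component.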

Statement

Red Hat rates this as Moderate, since the vulnerability requires a non-default configuration (pam_namespace with a polyinstantiated ~/tmp) before a malicious user can exploit it. The attack is also local, and the resulting denial of service affects only the login of a single user.

Mitigation

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

Platform                    | Package | Status               | Advisory       | Release
Red Hat Enterprise Linux 7  | pam     | Out of support scope |                |
Red Hat Enterprise Linux 8  | pam     | Fixed                | RHSA-2024:3163 | 22.05.2024
Red Hat Enterprise Linux 9  | pam     | Fixed                | RHSA-2024:2438 | 30.04.2024


Additional information

Severity: Moderate
Weakness: CWE-277
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2257722 (pam: allowing unprivileged user to block another user namespace)

EPSS: 0.00086 (percentile 25%), Low
CVSS3: 5.5 Medium

Related vulnerabilities

ubuntu (CVSS3: 5.5), almost 2 years ago:
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.

nvd (CVSS3: 5.5), almost 2 years ago:
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.

msrc (CVSS3: 5.5), about 1 year ago:
No description available

debian (CVSS3: 5.5), almost 2 years ago:
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a den ...

suse-cvrf, almost 2 years ago:
Security update for pam
