CVE-2024-37408

Опубликовано: 08 июн. 2024

Источник: redhat

CVSS3: 0

EPSS Низкий

Описание

fprintd through 1.94.3 lacks a security attention mechanism, and thus unexpected actions might be authorized by "auth sufficient pam_fprintd.so" for Sudo. NOTE: the supplier disputes this because they believe issue resolution would involve modifying the PAM configuration to restrict pam_fprintd.so to front-ends that implement a proper attention mechanism, not modifying pam_fprintd.so or fprintd.

A flaw was found in fprintd through version 1.94.3, which lacks a security attention mechanism. This issue causes unexpected actions that may be authorized by "auth sufficient pam_fprintd.so" for Sudo.

Отчет

Red Hat Product Security does not consider this to be a vulnerability.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	fprintd	Not affected
Red Hat Enterprise Linux 6	fprintd	Out of support scope
Red Hat Enterprise Linux 7	fprintd	Out of support scope
Red Hat Enterprise Linux 8	fprintd	Not affected
Red Hat Enterprise Linux 9	fprintd	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Дефект:

CWE-99

https://bugzilla.redhat.com/show_bug.cgi?id=2291438fprintd: unexpected actions might be authorized with fingerprint reader

EPSS

Процентиль: 19%

0.00059

Низкий

0 Low

CVSS3

Связанные уязвимости

CVE-2024-37408

CVSS3: 7.3

ubuntu

больше 1 года назад

CVE-2024-37408

CVSS3: 7.3

nvd

больше 1 года назад

CVE-2024-37408

CVSS3: 7.3

debian

больше 1 года назад

fprintd through 1.94.3 lacks a security attention mechanism, and thus ...

GHSA-268h-82rc-5x3h

CVSS3: 7.3

github

больше 1 года назад

fprintd through 1.94.3 lacks a security attention mechanism, and thus unexpected actions might be authorized by "auth sufficient pam_fprintd.so" for Sudo.

EPSS

Процентиль: 19%

0.00059

Низкий

0 Low

CVSS3