Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-6020

Опубликовано: 17 июн. 2025
Источник: redhat
CVSS3: 7.8
EPSS Низкий

Описание

A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.

Отчет

This vulnerability in pam_namespace marked as Important rather than Moderate due to its direct impact on privilege boundaries and the ease of exploitation in common configurations. By leveraging symlink attacks or race conditions in polyinstantiated directories under their control, unprivileged local users can escalate to root, compromising the entire system. Since pam_namespace is often used in multi-user environments (e.g., shared systems, terminal servers, containers), a misconfigured or partially protected setup becomes a single point of failure. The attack does not require special capabilities or kernel-level exploits—just timing and control over certain paths—making it both reliable and low-barrier. Moreover, privilege escalation flaws like this can be chained with other vulnerabilities to persist or evade detection, further amplifying the risk.

Меры по смягчению последствий

Disable the pam_namespace module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like /tmp.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 7pamOut of support scope
Red Hat Enterprise Linux 8pamAffected
Red Hat Enterprise Linux 9pamAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-22
https://bugzilla.redhat.com/show_bug.cgi?id=2372512linux-pam: Linux-pam directory Traversal

EPSS

Процентиль: 4%
0.0002
Низкий

7.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-6020

CVSS3: 7.8
ubuntu
3 дня назад

The module pam_namespace in linux-pam <= 1.7.0 may access user-controlled paths without proper protections, which allows a local user to elevate their privileges to root via multiple symlink attacks and race conditions

nvd логотип

CVE-2025-6020

CVSS3: 7.8
nvd
2 дня назад

A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.

debian логотип

CVE-2025-6020

CVSS3: 7.8
debian
2 дня назад

A flaw was found in linux-pam. The module pam_namespace may use access ...

EPSS

Процентиль: 4%
0.0002
Низкий

7.8 High

CVSS3

Уязвимость CVE-2025-6020