Описание
[Access control bypass due to improper hostname canonicalization]
| Релиз | Статус | Примечание |
|---|---|---|
| devel | needed | |
| esm-infra-legacy/trusty | not-affected | code not compiled |
| esm-infra/bionic | not-affected | code not compiled |
| esm-infra/focal | not-affected | code not compiled |
| esm-infra/xenial | not-affected | code not compiled |
| jammy | not-affected | code not compiled |
| noble | not-affected | code not compiled |
| questing | needed | |
| upstream | released | 2.42~rc1-1 |
Показывать по
10
Ссылки на источники
Связанные уязвимости
CVSS3: 3.7
redhat
около 1 месяца назад
A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.
