INFCSA-2024:10244: pam:1.5.1 security update
Information about definition
Identificator: INFCSA-2024:10244
Type: security
Release date: 2025-09-24 19:43:25 UTC
Information about package
Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication.
Vulnerabilities description
- CVE-2024-10963
A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-10963
|
no information | 7.4 | no information |
Updated packages
Preparing to download...