High severity7.4NVD Advisory· Published Nov 7, 2024· Updated Apr 15, 2026
CVE-2024-10963
CVE-2024-10963
Description
A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8- osv-coords6 versionspkg:rpm/almalinux/pampkg:rpm/almalinux/pam-develpkg:rpm/almalinux/pam-docspkg:rpm/opensuse/pam&distro=openSUSE%20Tumbleweedpkg:rpm/suse/pam&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/pam&distro=SUSE%20Linux%20Micro%206.1
< 1.5.1-22.el9_5+ 5 more
- (no CPE)range: < 1.5.1-22.el9_5
- (no CPE)range: < 1.5.1-22.el9_5
- (no CPE)range: < 1.5.1-22.el9_5
- (no CPE)range: < 1.7.0-2.1
- (no CPE)range: < 1.6.0-4.1
- (no CPE)range: < 1.6.1-slfo.1.1_2.1
Patches
Vulnerability mechanics
References
10- access.redhat.com/errata/RHSA-2024:10232nvd
- access.redhat.com/errata/RHSA-2024:10244nvd
- access.redhat.com/errata/RHSA-2024:10379nvd
- access.redhat.com/errata/RHSA-2024:10518nvd
- access.redhat.com/errata/RHSA-2024:10528nvd
- access.redhat.com/errata/RHSA-2024:10852nvd
- access.redhat.com/security/cve/CVE-2024-10963nvd
- bugzilla.redhat.com/show_bug.cginvd
- github.com/linux-pam/linux-pam/issues/834nvd
- github.com/linux-pam/linux-pam/pull/835nvd
News mentions
0No linked articles in our index yet.