rpm package
opensuse/pam&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/pam&distro=openSUSE%20Tumbleweed
Vulnerabilities (12)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-6020 | Hig | 7.8 | < 1.7.1-1.1 | 1.7.1-1.1 | Jun 17, 2025 | A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. | |
| CVE-2024-10963 | Hig | 7.4 | < 1.7.0-2.1 | 1.7.0-2.1 | Nov 7, 2024 | A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that | |
| CVE-2024-10041 | — | < 1.7.1-3.1 | 1.7.1-3.1 | Oct 23, 2024 | A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain spec | ||
| CVE-2020-27780 | — | < 1.5.2-1.1 | 1.5.2-1.1 | Dec 17, 2020 | A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate. | ||
| CVE-2018-17953 | — | < 1.5.2-1.1 | 1.5.2-1.1 | Nov 27, 2018 | A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open). | ||
| CVE-2015-3238 | Med | 6.5 | < 1.3.0-3.4 | 1.3.0-3.4 | Aug 24, 2015 | The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. | |
| CVE-2014-2583 | — | < 1.3.0-3.4 | 1.3.0-3.4 | Apr 10, 2014 | Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) P | ||
| CVE-2011-3149 | — | < 1.3.0-3.4 | 1.3.0-3.4 | Jul 22, 2012 | The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption). | ||
| CVE-2011-3148 | — | < 1.3.0-3.4 | 1.3.0-3.4 | Jul 22, 2012 | Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam | ||
| CVE-2010-3853 | — | < 1.3.0-3.4 | 1.3.0-3.4 | Jan 24, 2011 | pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on t | ||
| CVE-2010-3431 | — | < 1.3.0-3.4 | 1.3.0-3.4 | Jan 24, 2011 | The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unintended uid, as demonstrat | ||
| CVE-2010-3430 | — | < 1.3.0-3.4 | 1.3.0-3.4 | Jan 24, 2011 | The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissio |
- affected < 1.7.1-1.1fixed 1.7.1-1.1
A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
- affected < 1.7.0-2.1fixed 1.7.0-2.1
A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that
- CVE-2024-10041Oct 23, 2024affected < 1.7.1-3.1fixed 1.7.1-3.1
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain spec
- CVE-2020-27780Dec 17, 2020affected < 1.5.2-1.1fixed 1.5.2-1.1
A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate.
- CVE-2018-17953Nov 27, 2018affected < 1.5.2-1.1fixed 1.5.2-1.1
A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open).
- affected < 1.3.0-3.4fixed 1.3.0-3.4
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
- CVE-2014-2583Apr 10, 2014affected < 1.3.0-3.4fixed 1.3.0-3.4
Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) P
- CVE-2011-3149Jul 22, 2012affected < 1.3.0-3.4fixed 1.3.0-3.4
The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption).
- CVE-2011-3148Jul 22, 2012affected < 1.3.0-3.4fixed 1.3.0-3.4
Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam
- CVE-2010-3853Jan 24, 2011affected < 1.3.0-3.4fixed 1.3.0-3.4
pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on t
- CVE-2010-3431Jan 24, 2011affected < 1.3.0-3.4fixed 1.3.0-3.4
The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unintended uid, as demonstrat
- CVE-2010-3430Jan 24, 2011affected < 1.3.0-3.4fixed 1.3.0-3.4
The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissio