rpm package
suse/pam&distro=SUSE Manager Proxy 4.3
pkg:rpm/suse/pam&distro=SUSE%20Manager%20Proxy%204.3
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-6018 | — | < 1.3.0-150000.6.83.1 | 1.3.0-150000.6.83.1 | Jul 23, 2025 | A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for example, a user logged in via SSH) to obtain the elevated privileges normally reserved for | ||
| CVE-2025-6020 | Hig | 7.8 | < 1.3.0-150000.6.83.1 | 1.3.0-150000.6.83.1 | Jun 17, 2025 | A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. | |
| CVE-2024-22365 | Med | 5.5 | < 1.3.0-150000.6.66.1 | 1.3.0-150000.6.66.1 | Feb 6, 2024 | linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY. |
- CVE-2025-6018Jul 23, 2025affected < 1.3.0-150000.6.83.1fixed 1.3.0-150000.6.83.1
A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for example, a user logged in via SSH) to obtain the elevated privileges normally reserved for
- affected < 1.3.0-150000.6.83.1fixed 1.3.0-150000.6.83.1
A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
- affected < 1.3.0-150000.6.66.1fixed 1.3.0-150000.6.66.1
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.