Vendor CVEs
Linux Pam
All CVEs
35 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-38492 | Cri | 0.61 | — | 0.01 | Jul 15, 2024 | This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. | ||
| CVE-2024-36456 | Cri | 0.61 | — | 0.01 | Jul 15, 2024 | This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. | ||
| CVE-2025-24505 | Hig | 0.57 | — | 0.00 | Jan 30, 2025 | This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file. | ||
| CVE-2024-38494 | Hig | 0.56 | — | 0.01 | Jul 15, 2024 | This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. | ||
| CVE-2025-6020 | Hig | 0.51 | 7.8 | 0.00 | Jun 17, 2025 | A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. | ||
| CVE-2024-10963 | Hig | 0.48 | 7.4 | 0.01 | Nov 7, 2024 | A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems… | ||
| CVE-2015-3238 | Med | 0.42 | 6.5 | 0.03 | Aug 24, 2015 | The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. | ||
| CVE-2026-54411 | Med | 0.38 | 5.9 | 0.00 | Jun 14, 2026 | Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling… | ||
| CVE-2024-22365 | Med | 0.36 | 5.5 | 0.00 | Feb 6, 2024 | linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY. | ||
| CVE-2016-4982 | Med | 0.31 | 4.7 | 0.00 | Jul 17, 2017 | authd sets weak permissions for /etc/ident.key, which allows local users to obtain the key by leveraging a race condition between the creation of the key, and the chmod to protect it. | ||
| CVE-2003-0388 | 0.03 | — | 0.01 | Jul 24, 2003 | pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name. | |||
| CVE-2000-0843 | 0.01 | — | 0.07 | Nov 14, 2000 | Buffer overflow in pam_smb and pam_ntdom pluggable authentication modules (PAM) allow remote attackers to execute arbitrary commands via a login with a long user name. | |||
| CVE-2022-28321 | 0.00 | — | 0.01 | Sep 19, 2022 | The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with… | |||
| CVE-2022-25625 | 0.00 | — | 0.01 | Aug 26, 2022 | A malicious unauthorized PAM user can access the administration configuration data and change the values. | |||
| CVE-2020-36394 | 0.00 | — | 0.00 | Jun 22, 2021 | pam_setquota.c in the pam_setquota module before 2020-05-29 for Linux-PAM allows local attackers to set their quota on an arbitrary filesystem, in certain situations where the attacker's home directory is a FUSE filesystem mounted under /home. | |||
| CVE-2020-27780 | 0.00 | — | 0.02 | Dec 17, 2020 | A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate. | |||
| CVE-2018-17953 | 0.00 | — | 0.01 | Nov 27, 2018 | A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open). | |||
| CVE-2013-7041 | 0.00 | — | 0.02 | May 8, 2014 | The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack. | |||
| CVE-2014-2583 | 0.00 | — | 0.04 | Apr 10, 2014 | Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2)… | |||
| CVE-2011-3149 | 0.00 | — | 0.01 | Jul 22, 2012 | The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption). | |||
| CVE-2011-3148 | 0.00 | — | 0.01 | Jul 22, 2012 | Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the… | |||
| CVE-2010-4708 | 0.00 | — | 0.00 | Jan 24, 2011 | The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pam_env PAM check. | |||
| CVE-2010-4707 | 0.00 | — | 0.00 | Jan 24, 2011 | The check_acl function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not verify that a certain ACL file is a regular file, which might allow local users to cause a denial of service (resource consumption) via a special file. | |||
| CVE-2010-4706 | 0.00 | — | 0.00 | Jan 24, 2011 | The pam_sm_close_session function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not properly handle a failure to determine a certain target uid, which might allow local users to delete unintended files by executing a program that relies on… | |||
| CVE-2010-3853 | 0.00 | — | 0.00 | Jan 24, 2011 | pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on… | |||
| CVE-2010-3435 | 0.00 | — | 0.00 | Jan 24, 2011 | The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem… | |||
| CVE-2010-3431 | 0.00 | — | 0.00 | Jan 24, 2011 | The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unintended uid, as… | |||
| CVE-2010-3430 | 0.00 | — | 0.00 | Jan 24, 2011 | The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group… | |||
| CVE-2010-3316 | 0.00 | — | 0.00 | Jan 24, 2011 | The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on… | |||
| CVE-2009-0579 | 0.00 | — | 0.00 | Apr 16, 2009 | Linux-PAM before 1.0.4 does not enforce the minimum password age (MINDAYS) as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified. | |||
| CVE-2009-0887 | 0.00 | — | 0.02 | Mar 12, 2009 | Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to… | |||
| CVE-2007-0003 | 0.00 | — | 0.00 | Jan 23, 2007 | pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters. | |||
| CVE-2005-2977 | 0.00 | — | 0.00 | Nov 1, 2005 | The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses. | |||
| CVE-2002-1227 | 0.00 | — | 0.02 | Oct 28, 2002 | PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as disabled users. | |||
| CVE-1999-0342 | 0.00 | — | 0.00 | Dec 1, 1998 | Linux PAM modules allow local users to gain root access using temporary files. |
- risk 0.61cvss —epss 0.01
This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file.
- risk 0.61cvss —epss 0.01
This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file.
- risk 0.57cvss —epss 0.00
This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file.
- risk 0.56cvss —epss 0.01
This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request.
- risk 0.51cvss 7.8epss 0.00
A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
- risk 0.48cvss 7.4epss 0.01
A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems…
- risk 0.42cvss 6.5epss 0.03
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
- risk 0.38cvss 5.9epss 0.00
Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling…
- risk 0.36cvss 5.5epss 0.00
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
- risk 0.31cvss 4.7epss 0.00
authd sets weak permissions for /etc/ident.key, which allows local users to obtain the key by leveraging a race condition between the creation of the key, and the chmod to protect it.
- CVE-2003-0388Jul 24, 2003risk 0.03cvss —epss 0.01
pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name.
- CVE-2000-0843Nov 14, 2000risk 0.01cvss —epss 0.07
Buffer overflow in pam_smb and pam_ntdom pluggable authentication modules (PAM) allow remote attackers to execute arbitrary commands via a login with a long user name.
- CVE-2022-28321Sep 19, 2022risk 0.00cvss —epss 0.01
The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with…
- CVE-2022-25625Aug 26, 2022risk 0.00cvss —epss 0.01
A malicious unauthorized PAM user can access the administration configuration data and change the values.
- CVE-2020-36394Jun 22, 2021risk 0.00cvss —epss 0.00
pam_setquota.c in the pam_setquota module before 2020-05-29 for Linux-PAM allows local attackers to set their quota on an arbitrary filesystem, in certain situations where the attacker's home directory is a FUSE filesystem mounted under /home.
- CVE-2020-27780Dec 17, 2020risk 0.00cvss —epss 0.02
A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate.
- CVE-2018-17953Nov 27, 2018risk 0.00cvss —epss 0.01
A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open).
- CVE-2013-7041May 8, 2014risk 0.00cvss —epss 0.02
The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack.
- CVE-2014-2583Apr 10, 2014risk 0.00cvss —epss 0.04
Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2)…
- CVE-2011-3149Jul 22, 2012risk 0.00cvss —epss 0.01
The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption).
- CVE-2011-3148Jul 22, 2012risk 0.00cvss —epss 0.01
Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the…
- CVE-2010-4708Jan 24, 2011risk 0.00cvss —epss 0.00
The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pam_env PAM check.
- CVE-2010-4707Jan 24, 2011risk 0.00cvss —epss 0.00
The check_acl function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not verify that a certain ACL file is a regular file, which might allow local users to cause a denial of service (resource consumption) via a special file.
- CVE-2010-4706Jan 24, 2011risk 0.00cvss —epss 0.00
The pam_sm_close_session function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not properly handle a failure to determine a certain target uid, which might allow local users to delete unintended files by executing a program that relies on…
- CVE-2010-3853Jan 24, 2011risk 0.00cvss —epss 0.00
pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on…
- CVE-2010-3435Jan 24, 2011risk 0.00cvss —epss 0.00
The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem…
- CVE-2010-3431Jan 24, 2011risk 0.00cvss —epss 0.00
The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unintended uid, as…
- CVE-2010-3430Jan 24, 2011risk 0.00cvss —epss 0.00
The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group…
- CVE-2010-3316Jan 24, 2011risk 0.00cvss —epss 0.00
The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on…
- CVE-2009-0579Apr 16, 2009risk 0.00cvss —epss 0.00
Linux-PAM before 1.0.4 does not enforce the minimum password age (MINDAYS) as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified.
- CVE-2009-0887Mar 12, 2009risk 0.00cvss —epss 0.02
Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to…
- CVE-2007-0003Jan 23, 2007risk 0.00cvss —epss 0.00
pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters.
- CVE-2005-2977Nov 1, 2005risk 0.00cvss —epss 0.00
The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses.
- CVE-2002-1227Oct 28, 2002risk 0.00cvss —epss 0.02
PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as disabled users.
- CVE-1999-0342Dec 1, 1998risk 0.00cvss —epss 0.00
Linux PAM modules allow local users to gain root access using temporary files.