linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2024/01/18/3 | Exploit Mailing List Patch Release Notes |
https://github.com/linux-pam/linux-pam | Product |
https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb | Patch |
https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0 | Release Notes |
Configurations
History
14 Feb 2024, 00:27
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
CWE | NVD-CWE-noinfo | |
First Time |
Linux-pam
Linux-pam linux-pam |
|
References | () http://www.openwall.com/lists/oss-security/2024/01/18/3 - Exploit, Mailing List, Patch, Release Notes | |
References | () https://github.com/linux-pam/linux-pam - Product | |
References | () https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb - Patch | |
References | () https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0 - Release Notes | |
CPE | cpe:2.3:a:linux-pam:linux-pam:*:*:*:*:*:*:*:* |
06 Feb 2024, 13:53
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
06 Feb 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-06 08:15
Updated : 2024-02-14 00:27
NVD link : CVE-2024-22365
Mitre link : CVE-2024-22365
CVE.ORG link : CVE-2024-22365
JSON object : View
Products Affected
linux-pam
- linux-pam
CWE