linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.

References

www.openwall.com/lists/oss-security/2024/01/18/3

github.com/linux-pam/linux-pam

github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb

github.com/linux-pam/linux-pam/releases/tag/v1.6.0

redhat 11

osv 6

ubuntu 2

nessus 27

openvas 19

nvd 1

redhatcve 1

cbl_mariner 1

alpinelinux 1

cve 1

slackware 1

veracode 1

amazon 1

oraclelinux 2

cloudfoundry 1

mageia 1

almalinux 2

redos 1

prion 1

ubuntucve 1

debiancve 1

photon 3

ibm 3

hp 2

redhat

(RHSA-2024:2438) Moderate: pam security update

2024-04-30 06:15:42

(RHSA-2024:3163) Moderate: pam security update

2024-05-22 06:35:47

(RHSA-2024:3368) Important: Errata Advisory for Red Hat OpenShift GitOps v1.12.3 security update

2024-05-28 08:19:54

osv

Moderate: pam security update

2024-06-14 13:59:16

CVE-2024-22365

2024-02-06 08:15:52

Moderate: pam security update

2024-04-30 00:00:00

ubuntu

PAM vulnerability

2024-03-26 00:00:00

PAM vulnerability

2024-01-17 00:00:00

nessus

SUSE SLES12 Security Update : pam (SUSE-SU-2024:0137-1)

2024-01-19 00:00:00

EulerOS 2.0 SP12 : pam (EulerOS-SA-2024-1770)

2024-05-30 00:00:00

EulerOS 2.0 SP12 : pam (EulerOS-SA-2024-1747)

2024-05-30 00:00:00

openvas

SUSE: Security Advisory (SUSE-SU-2024:0137-1)

2024-01-19 00:00:00

openSUSE: Security Advisory for pam (SUSE-SU-2024:0136-1)

2024-03-04 00:00:00

Ubuntu: Security Advisory (USN-6588-2)

2024-03-27 00:00:00

nvd

CVE-2024-22365

2024-02-06 08:15:52

redhatcve

CVE-2024-22365

2024-01-19 12:04:26

cbl_mariner

CVE-2024-22365 affecting package pam for versions less than 1.5.1-6

2024-04-09 20:48:36

alpinelinux

CVE-2024-22365

2024-02-06 08:15:52

cve

CVE-2024-22365

2024-02-06 08:15:52

slackware

[slackware-security] pam

2024-01-26 21:03:08

veracode

Denial Of Service (DoS)

2024-04-10 17:16:30

amazon

Low: pam

2024-02-01 19:57:00

oraclelinux

pam security update

2024-05-03 00:00:00

pam security update

2024-05-23 00:00:00

cloudfoundry

USN-6588-1: PAM vulnerability | Cloud Foundry

2024-02-29 00:00:00

mageia

Updated pam packages fix a security vulnerability

2024-02-09 04:34:03

almalinux

Moderate: pam security update

2024-05-22 00:00:00

Moderate: pam security update

2024-04-30 00:00:00

redos

ROS-20240409-14

2024-04-09 00:00:00

prion

Code injection

2024-02-06 08:15:00

ubuntucve

CVE-2024-22365

2024-01-17 00:00:00

debiancve

CVE-2024-22365

2024-02-06 08:15:52

photon

Moderate Photon OS Security Update - PHSA-2024-4.0-0554

2024-01-20 00:00:00

Moderate Photon OS Security Update - PHSA-2024-5.0-0193

2024-01-19 00:00:00

Moderate Photon OS Security Update - PHSA-2024-3.0-0714

2024-01-18 00:00:00

ibm

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to libssh, Linux-pam ,Kerberos 5, systemd and idna packages/liberaries.

2024-06-17 11:59:28

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues

2024-06-20 20:32:32

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

2024-06-26 09:20:14

HP ThinPro 8.0 SP 9 Security Updates

2024-06-17 00:00:00

HP ThinPro 8.1 SP 2 Security Updates

2024-04-12 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

5.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2024-22365