Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2024-22365HistoryFeb 06, 2024 - 8:15 a.m.
CVE-2024-22365
2024-02-0608:15:52
Debian Security Bug Tracker
security-tracker.debian.org
23
cve-2024-22365
linux pam
denial of service
mkfifo
openat call
protect_dir
o_directory
unix
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
8.9 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | pam | <= 1.5.2-6+deb12u1 | pam_1.5.2-6+deb12u1_all.deb |
| Debian | 11 | all | pam | <= 1.4.0-9+deb11u1 | pam_1.4.0-9+deb11u1_all.deb |
| Debian | 999 | all | pam | < 1.5.3-4 | pam_1.5.3-4_all.deb |
| Debian | 13 | all | pam | < 1.5.3-4 | pam_1.5.3-4_all.deb |
Related
redhat
redhat
(RHSA-2024:2438) Moderate: pam security update
2024-04-30 06:15:42
(RHSA-2024:3163) Moderate: pam security update
2024-05-22 06:35:47
osv
osv
Moderate: pam security update
2024-06-14 13:59:16
CVE-2024-22365
2024-02-06 08:15:52
Moderate: pam security update
2024-04-30 00:00:00
ubuntu
ubuntu
PAM vulnerability
2024-03-26 00:00:00
PAM vulnerability
2024-01-17 00:00:00
cvelist
cvelist
CVE-2024-22365
2024-02-06 00:00:00
nessus
nessus
SUSE SLES12 Security Update : pam (SUSE-SU-2024:0137-1)
2024-01-19 00:00:00
EulerOS 2.0 SP12 : pam (EulerOS-SA-2024-1770)
2024-05-30 00:00:00
EulerOS 2.0 SP12 : pam (EulerOS-SA-2024-1747)
2024-05-30 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:0137-1)
2024-01-19 00:00:00
openSUSE: Security Advisory for pam (SUSE-SU-2024:0136-1)
2024-03-04 00:00:00
Ubuntu: Security Advisory (USN-6588-2)
2024-03-27 00:00:00
nvd
nvd
CVE-2024-22365
2024-02-06 08:15:52
redhatcve
redhatcve
CVE-2024-22365
2024-01-19 12:04:26
cbl_mariner
cbl_mariner
CVE-2024-22365 affecting package pam for versions less than 1.5.1-6
2024-04-09 20:48:36
alpinelinux
alpinelinux
CVE-2024-22365
2024-02-06 08:15:52
cve
cve
CVE-2024-22365
2024-02-06 08:15:52
slackware
slackware
[slackware-security] pam
2024-01-26 21:03:08
veracode
veracode
Denial Of Service (DoS)
2024-04-10 17:16:30
amazon
amazon
Low: pam
2024-02-01 19:57:00
oraclelinux
oraclelinux
pam security update
2024-05-03 00:00:00
pam security update
2024-05-23 00:00:00
cloudfoundry
cloudfoundry
USN-6588-1: PAM vulnerability | Cloud Foundry
2024-02-29 00:00:00
mageia
mageia
Updated pam packages fix a security vulnerability
2024-02-09 04:34:03
almalinux
almalinux
Moderate: pam security update
2024-05-22 00:00:00
Moderate: pam security update
2024-04-30 00:00:00
redos
redos
ROS-20240409-14
2024-04-09 00:00:00
prion
prion
Code injection
2024-02-06 08:15:00
ubuntucve
ubuntucve
CVE-2024-22365
2024-01-17 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2024-4.0-0554
2024-01-20 00:00:00
Moderate Photon OS Security Update - PHSA-2024-5.0-0193
2024-01-19 00:00:00
Moderate Photon OS Security Update - PHSA-2024-3.0-0714
2024-01-18 00:00:00
ibm
ibm
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to libssh, Linux-pam ,Kerberos 5, systemd and idna packages/liberaries.
2024-06-17 11:59:28
hp
hp
HP ThinPro 8.0 SP 9 Security Updates
2024-06-17 00:00:00
HP ThinPro 8.1 SP 2 Security Updates
2024-04-12 00:00:00
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
8.9 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
Related for DEBIANCVE:CVE-2024-22365