linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.

References

www.openwall.com/lists/oss-security/2024/01/18/3

github.com/linux-pam/linux-pam

github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb

github.com/linux-pam/linux-pam/releases/tag/v1.6.0

nessus 32

openvas 20

rocky 1

osv 6

alpinelinux 1

slackware 1

cbl_mariner 1

cve 1

redhatcve 1

ubuntucve 1

debiancve 1

almalinux 2

prion 1

oraclelinux 2

cvelist 1

redhat 20

nvd 1

ubuntu 2

redos 1

amazon 1

mageia 1

veracode 1

cloudfoundry 1

photon 3

ibm 7

hp 2

nessus

Slackware Linux 15.0 / current pam Vulnerability (SSA:2024-026-01)

2024-01-31 00:00:00

EulerOS Virtualization 2.10.0 : pam (EulerOS-SA-2024-1534)

2024-04-19 00:00:00

EulerOS Virtualization 2.10.1 : pam (EulerOS-SA-2024-1553)

2024-04-19 00:00:00

openvas

Huawei EulerOS: Security Advisory for pam (EulerOS-SA-2024-1770)

2024-05-30 00:00:00

Mageia: Security Advisory (MGASA-2024-0030)

2024-02-09 00:00:00

Ubuntu: Security Advisory (USN-6588-2)

2024-03-27 00:00:00

rocky

pam security update

2024-06-14 13:59:16

osv

Moderate: pam security update

2024-04-30 00:00:00

Moderate: pam security update

2024-05-22 00:00:00

CVE-2024-22365

2024-02-06 08:15:52

alpinelinux

CVE-2024-22365

2024-02-06 08:15:52

slackware

[slackware-security] pam

2024-01-26 21:03:08

cbl_mariner

CVE-2024-22365 affecting package pam for versions less than 1.5.1-6

2024-04-09 20:48:36

cve

CVE-2024-22365

2024-02-06 08:15:52

redhatcve

CVE-2024-22365

2024-01-19 12:04:26

ubuntucve

CVE-2024-22365

2024-01-17 00:00:00

debiancve

CVE-2024-22365

2024-02-06 08:15:52

almalinux

Moderate: pam security update

2024-04-30 00:00:00

Moderate: pam security update

2024-05-22 00:00:00

prion

Code injection

2024-02-06 08:15:00

oraclelinux

pam security update

2024-05-23 00:00:00

pam security update

2024-05-03 00:00:00

cvelist

CVE-2024-22365

2024-02-06 00:00:00

redhat

(RHSA-2024:2438) Moderate: pam security update

2024-04-30 06:15:42

(RHSA-2024:3163) Moderate: pam security update

2024-05-22 06:35:47

(RHSA-2024:3475) Important: Errata Advisory for Red Hat OpenShift GitOps v1.11.5 security update

2024-05-29 17:42:30

nvd

CVE-2024-22365

2024-02-06 08:15:52

ubuntu

PAM vulnerability

2024-03-26 00:00:00

PAM vulnerability

2024-01-17 00:00:00

redos

ROS-20240409-14

2024-04-09 00:00:00

amazon

Low: pam

2024-02-01 19:57:00

mageia

Updated pam packages fix a security vulnerability

2024-02-09 04:34:03

veracode

Denial Of Service (DoS)

2024-04-10 17:16:30

cloudfoundry

USN-6588-1: PAM vulnerability | Cloud Foundry

2024-02-29 00:00:00

photon

Moderate Photon OS Security Update - PHSA-2024-4.0-0554

2024-01-20 00:00:00

Moderate Photon OS Security Update - PHSA-2024-3.0-0714

2024-01-18 00:00:00

Moderate Photon OS Security Update - PHSA-2024-5.0-0193

2024-01-19 00:00:00

ibm

Security Bulletin: Security vulnerabilities may affect Ubuntu packages that are shipped with IBM CICS TX Advanced.

2024-07-16 12:17:30

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to libssh, Linux-pam ,Kerberos 5, systemd and idna packages/liberaries.

2024-06-17 11:59:28

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

2024-08-23 09:49:16

HP ThinPro 8.0 SP 9 Security Updates

2024-06-17 00:00:00

HP ThinPro 8.1 SP 2 Security Updates

2024-04-12 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

AI Score

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-22365