CVE-2024-10963
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
1.3.1 | affected | ||
1.5.1 | affected | ||
1.6.0 < 1.7.0 | affected | ||
| Red Hat | Red Hat Enterprise Linux 8 | 0:1.3.1-36.el8_10 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:1.5.1-22.el9_5 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:1.5.1-22.el9_5 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support | 0:1.5.1-23.el9_4 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.16 | 416.94.202411261619-0 < * | unaffected |
| Red Hat | Red Hat OpenShift Container Platform 4.17 | 417.94.202411261220-0 < * | unaffected |
| Red Hat | Red Hat OpenShift AI 2.16 | sha256:c2a79db6d2ba9c313640149a55f306e8aa4dc36f3cc24bf554c025503b013644 < * | unaffected |
Weaknesses
- CWE-287: Improper Authentication
Workarounds
To reduce the risk, administrators should ensure that no DNS hostname matches local TTY or service names used in pam_access. Additionally, implement DNSSEC to prevent spoofing of DNS responses. For stronger protection, consider reconfiguring pam_access to only accept fully qualified domain names (FQDNs) in access.conf
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://access.redhat.com/errata/RHSA-2024:10232
- https://access.redhat.com/errata/RHSA-2024:10244
- https://access.redhat.com/errata/RHSA-2024:10379
- https://access.redhat.com/errata/RHSA-2024:10518
- https://access.redhat.com/errata/RHSA-2024:10528
- https://access.redhat.com/errata/RHSA-2024:10852
- https://access.redhat.com/security/cve/CVE-2024-10963
- https://bugzilla.redhat.com/show_bug.cgi?id=2324291
- https://github.com/linux-pam/linux-pam/issues/834
- https://github.com/linux-pam/linux-pam/pull/835
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.