CVE-2024-10963

Summary

A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.

Affected Software

VendorProductVersion RangeStatus
1.3.1affected
1.5.1affected
1.6.0 < 1.7.0affected
Red HatRed Hat Enterprise Linux 80:1.3.1-36.el8_10 < *unaffected
Red HatRed Hat Enterprise Linux 90:1.5.1-22.el9_5 < *unaffected
Red HatRed Hat Enterprise Linux 90:1.5.1-22.el9_5 < *unaffected
Red HatRed Hat Enterprise Linux 9.4 Extended Update Support0:1.5.1-23.el9_4 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.16416.94.202411261619-0 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.17417.94.202411261220-0 < *unaffected
Red HatRed Hat OpenShift AI 2.16sha256:c2a79db6d2ba9c313640149a55f306e8aa4dc36f3cc24bf554c025503b013644 < *unaffected

Weaknesses

  • CWE-287: Improper Authentication

Workarounds

To reduce the risk, administrators should ensure that no DNS hostname matches local TTY or service names used in pam_access. Additionally, implement DNSSEC to prevent spoofing of DNS responses. For stronger protection, consider reconfiguring pam_access to only accept fully qualified domain names (FQDNs) in access.conf

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References