linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.

References

www.openwall.com/lists/oss-security/2024/01/18/3

github.com/linux-pam/linux-pam

github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb

github.com/linux-pam/linux-pam/releases/tag/v1.6.0

nessus 33

openvas 21

osv 6

nvd 1

redhat 25

ubuntu 2

cbl_mariner 1

slackware 1

redhatcve 1

rocky 1

alpinelinux 1

cve 1

amazon 1

mageia 1

veracode 1

oraclelinux 2

cloudfoundry 1

ubuntucve 1

almalinux 2

prion 1

debiancve 1

vulnrichment 1

redos 1

photon 3

ibm 7

hp 2

nessus

EulerOS 2.0 SP12 : pam (EulerOS-SA-2024-1770)

2024-05-30 00:00:00

SUSE SLES12 Security Update : pam (SUSE-SU-2024:0137-1)

2024-01-19 00:00:00

EulerOS 2.0 SP12 : pam (EulerOS-SA-2024-1747)

2024-05-30 00:00:00

openvas

SUSE: Security Advisory (SUSE-SU-2024:0137-1)

2024-01-19 00:00:00

Huawei EulerOS: Security Advisory for pam (EulerOS-SA-2024-1770)

2024-05-30 00:00:00

Mageia: Security Advisory (MGASA-2024-0030)

2024-02-09 00:00:00

osv

Moderate: pam security update

2024-06-14 13:59:16

CVE-2024-22365

2024-02-06 08:15:52

Moderate: pam security update

2024-04-30 00:00:00

nvd

CVE-2024-22365

2024-02-06 08:15:52

redhat

(RHSA-2024:3163) Moderate: pam security update

2024-05-22 06:35:47

(RHSA-2024:2438) Moderate: pam security update

2024-04-30 06:15:42

(RHSA-2024:3368) Important: Errata Advisory for Red Hat OpenShift GitOps v1.12.3 security update

2024-05-28 08:19:54

ubuntu

PAM vulnerability

2024-03-26 00:00:00

PAM vulnerability

2024-01-17 00:00:00

cbl_mariner

CVE-2024-22365 affecting package pam for versions less than 1.5.1-6

2024-04-09 20:48:36

slackware

[slackware-security] pam

2024-01-26 21:03:08

redhatcve

CVE-2024-22365

2024-01-19 12:04:26

rocky

pam security update

2024-06-14 13:59:16

alpinelinux

CVE-2024-22365

2024-02-06 08:15:52

cve

CVE-2024-22365

2024-02-06 08:15:52

amazon

Low: pam

2024-02-01 19:57:00

mageia

Updated pam packages fix a security vulnerability

2024-02-09 04:34:03

veracode

Denial Of Service (DoS)

2024-04-10 17:16:30

oraclelinux

pam security update

2024-05-03 00:00:00

pam security update

2024-05-23 00:00:00

cloudfoundry

USN-6588-1: PAM vulnerability | Cloud Foundry

2024-02-29 00:00:00

ubuntucve

CVE-2024-22365

2024-01-17 00:00:00

almalinux

Moderate: pam security update

2024-04-30 00:00:00

Moderate: pam security update

2024-05-22 00:00:00

prion

Code injection

2024-02-06 08:15:00

debiancve

CVE-2024-22365

2024-02-06 08:15:52

vulnrichment

CVE-2024-22365

2024-02-06 00:00:00

redos

ROS-20240409-14

2024-04-09 00:00:00

photon

Moderate Photon OS Security Update - PHSA-2024-4.0-0554

2024-01-20 00:00:00

Moderate Photon OS Security Update - PHSA-2024-5.0-0193

2024-01-19 00:00:00

Moderate Photon OS Security Update - PHSA-2024-3.0-0714

2024-01-18 00:00:00

ibm

Security Bulletin: Security vulnerabilities may affect Ubuntu packages that are shipped with IBM CICS TX Advanced.

2024-07-16 12:17:30

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to libssh, Linux-pam ,Kerberos 5, systemd and idna packages/liberaries.

2024-06-17 11:59:28

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

2024-08-23 09:49:16

HP ThinPro 8.0 SP 9 Security Updates

2024-06-17 00:00:00

HP ThinPro 8.1 SP 2 Security Updates

2024-04-12 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

AI Score

5.8

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2024-22365