17 matches found
Security Bulletin: Vulnerabilities in pam library (CVE-2025-6020, CVE-2025-8941) affect Power HMC.
Summary: The pam library is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2025-6020 DESCRIPTION: A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing...
CLSA-2025-1753207513 pam: Fix of CVE-2025-6020
CVE-2025-6020: privilege elevation to root via multiple symlink attacks and race conditions - Perform regression testing...
SUSE CVE-2019-19882
shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing...
Caddy-SSH vulnerable to Authorization Bypass due to incorrect usage of PAM library
Not invoking a call to pam_acct_mgmt after a call to pam_authenticate to check the validity of a login can lead to an authorization bypass. Impact: Exploitability: The attack can be carried over the network. A complex non-standard configuration or a specialized condition is required for the attack to ...
GHSA-GMHJ-XJFH-CF6M Caddy-SSH vulnerable to Authorization Bypass due to incorrect usage of PAM library
Not invoking a call to pam_acct_mgmt after a call to pam_authenticate to check the validity of a login can lead to an authorization bypass. Impact: Exploitability: The attack can be carried over the network. A complex non-standard configuration or a specialized condition is required for the attack to ...
Pamspy - Credentials Dumper For Linux Using eBPF
pamspy leverages eBPF technologies to do work equivalent to 3snake. It will track a particular userland function inside the PAM (Pluggable Authentication Modules) library, used by many critical applications to handle authentication, like: sudo, sshd, passwd, gnome, x11 and many other ... How to...
CVE-2020-27678
An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r151034y and SmartOS before 20201022. There is a buffer overflow in parse_user_name in lib/libpam/pam_framework.c...
libpam4j: Account check bypass
It was found that libpam4j did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information...
FreeBSD-SA-14:13.pam
FreeBSD-SA-14:13.pam Security Advisory, The FreeBSD Project. Topic: Incorrect error handling in PAM policy parser. Category: contrib. Module: pam. Announced: 2014-06-03. Credits...
FreeBSD -- Incorrect error handling in PAM policy parser
Problem Description: The OpenPAM library searches for policy definitions in several locations. While doing so, the absence of a policy file is a soft failure handled by searching in the next location while the presence of an invalid file is a hard failure handled by returning an error to the...
CentOS 4 : pam (CESA-2007:0737)
Updated pam packages that fix two security flaws, resolve two bugs, and add an enhancement are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pluggable Authentication Modules (PAM) provide a system...
Scientific Linux Security Update : pam on SL4.x i386/x86_64
A flaw was found in the way pam_console set console device permissions. It was possible for various console devices to retain ownership of the console user after logging out, possibly leaking information to another local user. (CVE-2007-1716) A flaw was found in the way the PAM library wrote account...
Debian Security Advisory DSA 2430-1 (python-pam)
The remote host is missing an update to python-pam announced via advisory DSA 2430-1. OpenVAS Vulnerability Test $Id: deb24301.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2430-1 (python-pam). Authors: Thomas Reinke. Copyright: Copyright (c) 2012 E-Soft Inc...
DSA-2430-1 python-pam - double free
Bulletin has no description...
[USN-1395-1] PyPAM vulnerability
Ubuntu Security Notice USN-1395-1, March 08, 2012: python-pam vulnerability. A security issue affects these releases of Ubuntu and its derivatives: -...
FreeBSD Security Advisory (FreeBSD-SA-11:09.pam_ssh.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-11:09.pam_ssh.asc. ADV FreeBSD-SA-11:09.pam_ssh.asc OpenVAS Vulnerability Test $ Description: Auto-generated from ADV FreeBSD-SA-11:09.pam_ssh.asc. Authors: Thomas Reinke. Copyright: Copyright (c) 2012...
PT-2006-1929 · Freebsd +1 · Openam +2
Name of the Vulnerable Software and Affected Versions: OpenSSH on FreeBSD versions 5.3 through 5.4 Description: The issue arises when OpenSSH on FreeBSD is used with OpenPAM and a forked child process terminates during PAM authentication. This allows remote attackers to cause a denial of service ...