Exploit for Incorrect Authorization in Suse Pam-Config
CVE-2025-6018 + CVE-2025-6019 Privilege Escalation Guide 中文...
Exploit for Incorrect Authorization in Suse Pam-Config
CVE-2025-6018 + CVE-2025-6019 Privilege Escalation Guide 📋...
Exploit for Incorrect Authorization in Suse Pam-Config
CVE-2025-6018 + CVE-2025-6019 Exploit Chain This exploit was...
Exploit for Incorrect Authorization in Suse Pam-Config
CVE-2025-6018-and-CVE-2025-6019-Privilege-Escalation This is j...
CVE-2025-24531
A flaw was found in pam_pkcs11. The pam_sm_authenticate function wrongly returns PAM_IGNORE in some communication errors with a smartcard or PKCS11 token, such as a smartcard being removed or a hardware failure. In some specific PAM configurations, this return code allows the authentication process t...
Huawei EulerOS: Security Advisory for pam (EulerOS-SA-2026-1010)
The remote host is missing an update for the Huawei EulerOS...
EUVD-2014-7729
Malware in sbrugna...
EUVD-2011-4068
Malware in sbrugna...
EUVD-1999-1327
Malware in sbrugna...
EUVD-2015-8209
Malware in sbrugna...
SUSE-SU-2025:02081-1 Security update for pam-config
This update for pam-config fixes the following issues: - CVE-2025-6018: Stop adding pam_env in AUTH stack, and be sure to put this module at the really end of the SESSION stack (bsc#1243226)...
New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions
Cybersecurity researchers have uncovered two local privilege escalation (LPE) flaws that could be exploited to gain root privileges on machines running major Linux distributions. The vulnerabilities, discovered by Qualys, are listed below - CVE-2025-6018 - LPE from unprivileged to allow_active in...
Qualys TRU Uncovers Chained LPE: SUSE 15 PAM to Full Root via libblockdev/udisks
The Qualys Threat Research Unit (TRU) has discovered two linked local privilege escalation (LPE) flaws. The first (CVE-2025-6018) resides in the PAM configuration of openSUSE Leap 15 and SUSE Linux Enterprise 15. Using this vulnerability, an unprivileged local attacker—for example, via SSH—can elevate ...
CVE-2006-6683
Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates user accounts via custom code that processes /etc/shadow and does not follow the PAM configuration, which might allow remote attackers to bypass intended restrictions implemented through PAM...
pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass
A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this...
CVE-2024-37408
fprintd through 1.94.3 lacks a security attention mechanism, and thus unexpected actions might be authorized by "auth sufficient pam_fprintd.so" for Sudo. NOTE: the supplier disputes this because they believe issue resolution would involve modifying the PAM configuration to restrict pam_fprintd.so ...
PT-2024-27527 · Fprintd · Fprintd
Name of the Vulnerable Software and Affected Versions: fprintd versions 1.94.3 and earlier. Description: The issue is related to the lack of a security attention mechanism in fprintd, which may lead to unexpected actions being authorized by "auth sufficient pam_fprintd.so" for Sudo. This could...
FreeBSD-SA-23:09.pam_krb5
FreeBSD-SA-23:09.pam_krb5 Security Advisory, The FreeBSD Project. Topic: Network authentication attack via pam_krb5. Category: core. Module: pam_krb5. Announced: 2023-08-01...
K20911042: OpenSSH vulnerability CVE-2015-8325
Security Advisory Description: The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the...
SUSE CVE-2019-19882
shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing...