22 matches found
SUSE SLED15 / SLES15 Security Update : apparmor (SUSE-SU-2025:01511-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:01511-1 advisory. - Add dacreadsearch capability for unixchkpwd to allow it to read the shadow file even if it has 000 permissions. This...
SUSE-SU-2025:01511-1 Security update for apparmor
This update for apparmor fixes the following issues: - Add dacreadsearch capability for unixchkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. bsc1241678...
Security update for apparmor
This update for apparmor fixes the following issues: Add dacreadsearch capability for unixchkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. bsc1241678 Patch Instructions: To install this SUSE update use the SUSE...
SUSE-SU-2025:1549-1 Security update for apparmor
This update for apparmor fixes the following issues: - Add dacreadsearch capability for unixchkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. bsc1241678...
SUSE SLES15: apache2-mod_apparmor / apparmor-abstractions / apparmor-docs / etc (SUSE-SU-2025:1505-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1505-1 advisory. - Add dacreadsearch capability for unixchkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the...
SUSE SLED15: apache2-mod_apparmor / apparmor-abstractions / apparmor-docs / etc (SUSE-SU-2025:1511-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1511-1 advisory. - Add dacreadsearch capability for unixchkpwd to allow it to read the shadow file even if it has 000...
SUSE SLES15: apache2-mod_apparmor / apparmor-abstractions / apparmor-docs / etc (SUSE-SU-2025:1512-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1512-1 advisory. - Add dacreadsearch capability for unixchkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the...
SUSE-SU-2025:1517-1 Security update for apparmor
This update for apparmor fixes the following issues: - Add dacreadsearch capability for unixchkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. bsc1241678...
Security update for apparmor
This update for apparmor fixes the following issues: Add dacreadsearch capability for unixchkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. bsc1241678 Patch Instructions: To install this SUSE update use the SUSE...
SUSE-SU-2025:1512-1 Security update for apparmor
This update for apparmor fixes the following issues: - Add dacreadsearch capability for unixchkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. bsc1241678...
SUSE-SU-2025:1511-1 Security update for apparmor
This update for apparmor fixes the following issues: - Add dacreadsearch capability for unixchkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. bsc1241678...
Security update for apparmor
This update for apparmor fixes the following issues: Add dacreadsearch capability for unixchkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. bsc1241678 Patch Instructions: To install this SUSE update use the SUSE...
SUSE-SU-2025:1505-1 Security update for apparmor
This update for apparmor fixes the following issues: - Add dacreadsearch capability for unixchkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. bsc1241678...
RHEL 5 : pam (RHSA-2007:0555)
Updated pam packages that fix two security flaws, resolve several bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pluggable Authentication Modules PAM provide a system...
Moderate: Red Hat Security Advisory: pam security, bug fix, and enhancement update
Updated pam packages that fix two security flaws, resolve several bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pluggable Authentication Modules PAM provide a system...
CVE-2005-2977
The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unixchkpwd, which does not log failed guesses or delay its responses...
CVE-2005-2977
The CVE-2005-2977 issue affects the SELinux-enabled PAM, specifically PAM before 0.78 r3. The unix_chkpwd helper can be misused by a local attacker to brute-force check passwords without logging failed attempts or delaying responses, enabling partial disclosure risk (confidentiality impact) on lo...
CVE-2005-2977
The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unixchkpwd, which does not log failed guesses or delay its responses...
SELinux PAM passwords bruteforcing
There is no delay or logging for invalid password in unixchkpwd utility...
SELinux PAM: Local password guessing attack
Background PAM Pluggable Authentication Modules is an architecture allowing the separation of the development of privilege granting software from the development of secure and appropriate authentication schemes. SELinux is an operating system based on Linux which includes Mandatory Access Control...