Fluid Attacks Database

Description

linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	pam	=1.5.2-6 \|\| =1.5.2-6+deb12u1 \|\| >=0 <1.5.2-6+deb12u2	1.5.2-6+deb12u2
alpine v3.20	linux-pam	=1.1.3-r0 \|\| =1.1.3-r1 \|\| =1.1.3-r2 \|\| =1.1.3-r3 \|\| =1.1.3-r4 \|\| =1.1.5-r0 \|\| =1.1.6-r0 \|\| =1.1.8-r0 \|\| =1.1.8-r1 \|\| =1.1.8-r2 \|\| =1.2.0-r0 \|\| =1.2.1-r0 \|\| =1.2.1-r1 \|\| =1.3.0-r0 \|\| =1.3.0-r1 \|\| =1.3.1-r0 \|\| =1.3.1-r1 \|\| =1.3.1-r2 \|\| =1.3.1-r3 \|\| =1.3.1-r4 \|\| =1.4.0-r0 \|\| =1.4.0-r1 \|\| =1.5.1-r0 \|\| =1.5.1-r1 \|\| =1.5.2-r0 \|\| =1.5.2-r1 \|\| =1.5.2-r10 \|\| =1.5.2-r2 \|\| =1.5.2-r3 \|\| =1.5.2-r4 \|\| =1.5.2-r5 \|\| =1.5.2-r6 \|\| =1.5.2-r7 \|\| =1.5.2-r8 \|\| =1.5.2-r9 \|\| =1.5.3-r0 \|\| =1.5.3-r1 \|\| =1.5.3-r2 \|\| =1.5.3-r3 \|\| =1.5.3-r4 \|\| =1.5.3-r5 \|\| =1.5.3-r6 \|\| =1.5.3-r7 \|\| =1.5.3-r8 \|\| >=0 <1.6.0-r0	1.6.0-r0
alpine v3.21	linux-pam	=1.1.3-r0 \|\| =1.1.3-r1 \|\| =1.1.3-r2 \|\| =1.1.3-r3 \|\| =1.1.3-r4 \|\| =1.1.5-r0 \|\| =1.1.6-r0 \|\| =1.1.8-r0 \|\| =1.1.8-r1 \|\| =1.1.8-r2 \|\| =1.2.0-r0 \|\| =1.2.1-r0 \|\| =1.2.1-r1 \|\| =1.3.0-r0 \|\| =1.3.0-r1 \|\| =1.3.1-r0 \|\| =1.3.1-r1 \|\| =1.3.1-r2 \|\| =1.3.1-r3 \|\| =1.3.1-r4 \|\| =1.4.0-r0 \|\| =1.4.0-r1 \|\| =1.5.1-r0 \|\| =1.5.1-r1 \|\| =1.5.2-r0 \|\| =1.5.2-r1 \|\| =1.5.2-r10 \|\| =1.5.2-r2 \|\| =1.5.2-r3 \|\| =1.5.2-r4 \|\| =1.5.2-r5 \|\| =1.5.2-r6 \|\| =1.5.2-r7 \|\| =1.5.2-r8 \|\| =1.5.2-r9 \|\| =1.5.3-r0 \|\| =1.5.3-r1 \|\| =1.5.3-r2 \|\| =1.5.3-r3 \|\| =1.5.3-r4 \|\| =1.5.3-r5 \|\| =1.5.3-r6 \|\| =1.5.3-r7 \|\| =1.5.3-r8 \|\| >=0 <1.6.0-r0	1.6.0-r0
alpine v3.22	linux-pam	=1.1.3-r0 \|\| =1.1.3-r1 \|\| =1.1.3-r2 \|\| =1.1.3-r3 \|\| =1.1.3-r4 \|\| =1.1.5-r0 \|\| =1.1.6-r0 \|\| =1.1.8-r0 \|\| =1.1.8-r1 \|\| =1.1.8-r2 \|\| =1.2.0-r0 \|\| =1.2.1-r0 \|\| =1.2.1-r1 \|\| =1.3.0-r0 \|\| =1.3.0-r1 \|\| =1.3.1-r0 \|\| =1.3.1-r1 \|\| =1.3.1-r2 \|\| =1.3.1-r3 \|\| =1.3.1-r4 \|\| =1.4.0-r0 \|\| =1.4.0-r1 \|\| =1.5.1-r0 \|\| =1.5.1-r1 \|\| =1.5.2-r0 \|\| =1.5.2-r1 \|\| =1.5.2-r10 \|\| =1.5.2-r2 \|\| =1.5.2-r3 \|\| =1.5.2-r4 \|\| =1.5.2-r5 \|\| =1.5.2-r6 \|\| =1.5.2-r7 \|\| =1.5.2-r8 \|\| =1.5.2-r9 \|\| =1.5.3-r0 \|\| =1.5.3-r1 \|\| =1.5.3-r2 \|\| =1.5.3-r3 \|\| =1.5.3-r4 \|\| =1.5.3-r5 \|\| =1.5.3-r6 \|\| =1.5.3-r7 \|\| =1.5.3-r8 \|\| >=0 <1.6.0-r0	1.6.0-r0
debian 11	pam	=1.4.0-9 \|\| =1.4.0-9+deb11u1 \|\| >=0 <1.4.0-9+deb11u2	1.4.0-9+deb11u2
debian 13	pam	>=0 <1.5.3-4	1.5.3-4
debian 14	pam	>=0 <1.5.3-4	1.5.3-4
alpine v3.23	linux-pam	=1.1.3-r0 \|\| =1.1.3-r1 \|\| =1.1.3-r2 \|\| =1.1.3-r3 \|\| =1.1.3-r4 \|\| =1.1.5-r0 \|\| =1.1.6-r0 \|\| =1.1.8-r0 \|\| =1.1.8-r1 \|\| =1.1.8-r2 \|\| =1.2.0-r0 \|\| =1.2.1-r0 \|\| =1.2.1-r1 \|\| =1.3.0-r0 \|\| =1.3.0-r1 \|\| =1.3.1-r0 \|\| =1.3.1-r1 \|\| =1.3.1-r2 \|\| =1.3.1-r3 \|\| =1.3.1-r4 \|\| =1.4.0-r0 \|\| =1.4.0-r1 \|\| =1.5.1-r0 \|\| =1.5.1-r1 \|\| =1.5.2-r0 \|\| =1.5.2-r1 \|\| =1.5.2-r10 \|\| =1.5.2-r2 \|\| =1.5.2-r3 \|\| =1.5.2-r4 \|\| =1.5.2-r5 \|\| =1.5.2-r6 \|\| =1.5.2-r7 \|\| =1.5.2-r8 \|\| =1.5.2-r9 \|\| =1.5.3-r0 \|\| =1.5.3-r1 \|\| =1.5.3-r2 \|\| =1.5.3-r3 \|\| =1.5.3-r4 \|\| =1.5.3-r5 \|\| =1.5.3-r6 \|\| =1.5.3-r7 \|\| =1.5.3-r8 \|\| >=0 <1.6.0-r0	1.6.0-r0
rpm rhel7	pam	-	-
rpm rhel9	pam	<0:1.5.1-19.el9	0:1.5.1-19.el9

1-10 of 11

Aliases

1. CVE-2024-223652. NVD-2024-223653. OSV-DEBIAN-2024-223654. OSV-2024-223655. OSV-ALPINE-2024-223656. SECURITY-TRACKER-CVE-2024-223657. SECURITY-CVE-2024-22365

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.