Fluid Attacks Database

Description

A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	pam	>=0 <1.7.0-5	1.7.0-5
debian 14	pam	>=0 <1.7.0-5	1.7.0-5
rpm rhel8	pam	<0:1.3.1-36.el8_10	0:1.3.1-36.el8_10
rpm rhel9	pam	<0:1.5.1-22.el9_5	0:1.5.1-22.el9_5
rpm rhel9.4	pam	<0:1.5.1-23.el9_4	0:1.5.1-23.el9_4

Aliases

1. CVE-2024-109632. NVD-2024-109633. OSV-DEBIAN-2024-109634. OSV-2024-109635. SECURITY-TRACKER-CVE-2024-10963

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.