vulnerability

Oracle Linux: CVE-2024-10963: ELSA-2024-10244: pam:1.5.1 security update (IMPORTANT) (Multiple Advisories)

Severity
7
CVSS
(AV:N/AC:H/Au:N/C:C/I:C/A:N)
Published
Nov 7, 2024
Added
Nov 26, 2024
Modified
Jan 7, 2025

Description

A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control.

Solution(s)

oracle-linux-upgrade-pamoracle-linux-upgrade-pam-develoracle-linux-upgrade-pam-docs
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.