{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-10963", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-11-07T07:29:13.250Z", "datePublished": "2024-11-07T16:02:34.873Z", "dateUpdated": "2024-11-11T23:37:25.182Z"}, "containers": {"cna": {"title": "Pam: improper hostname interpretation in pam_access leads to access control bypass", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "pam", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "pam", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "pam", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhcos", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-10963", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324291", "name": "RHBZ#2324291", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2024-11-07T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "Improper Authentication", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-287: Improper Authentication", "workarounds": [{"lang": "en", "value": "To reduce the risk, administrators should ensure that no DNS hostname matches local TTY or service names used in pam_access. Additionally, implement DNSSEC to prevent spoofing of DNS responses. For stronger protection, consider reconfiguring pam_access to only accept fully qualified domain names (FQDNs) in access.conf"}], "timeline": [{"lang": "en", "time": "2024-11-07T07:38:52.548000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-11-07T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-11-11T23:37:25.182Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-07T18:27:30.472908Z", "id": "CVE-2024-10963", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-07T18:27:42.452Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-10963", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-07T18:27:30.472908Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-07T18:27:37.229Z"}}], "cna": {"title": "Pam: improper hostname interpretation in pam_access leads to access control bypass", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "pam", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "pam", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "pam", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "rhcos", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2024-11-07T07:38:52.548000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-11-07T00:00:00+00:00", "value": "Made public."}], "datePublic": "2024-11-07T00:00:00+00:00", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-10963", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324291", "name": "RHBZ#2324291", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "To reduce the risk, administrators should ensure that no DNS hostname matches local TTY or service names used in pam_access. Additionally, implement DNSSEC to prevent spoofing of DNS responses. For stronger protection, consider reconfiguring pam_access to only accept fully qualified domain names (FQDNs) in access.conf"}], "descriptions": [{"lang": "en", "value": "A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "Improper Authentication"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-11-11T23:37:25.182Z"}, "x_redhatCweChain": "CWE-287: Improper Authentication"}}, "cveMetadata": {"cveId": "CVE-2024-10963", "state": "PUBLISHED", "dateUpdated": "2024-11-11T23:37:25.182Z", "dateReserved": "2024-11-07T07:29:13.250Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-11-07T16:02:34.873Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en pam_access debido al manejo inadecuado de tokens en access.conf, interpretados como nombres de host. Esta falla permite a los atacantes eludir las restricciones de acceso falsificando nombres de host, lo que debilita las configuraciones dise\u00f1adas para limitar el acceso a TTY o servicios espec\u00edficos. La falla plantea un riesgo en entornos que dependen de estas configuraciones para el control de acceso local."}], "id": "CVE-2024-10963", "lastModified": "2024-11-11T18:15:14.487", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "secalert@redhat.com", "type": "Primary"}]}, "published": "2024-11-07T16:15:17.150", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2024-10963"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324291"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"bugzilla": {"description": "pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass", "id": "2324291", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324291"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "status": "draft"}, "cwe": "CWE-287", "details": ["A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.", "A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals."], "mitigation": {"lang": "en:us", "value": "To reduce the risk, administrators should ensure that no DNS hostname matches local TTY or service names used in pam_access. Additionally, implement DNSSEC to prevent spoofing of DNS responses. For stronger protection, consider reconfiguring pam_access to only accept fully qualified domain names (FQDNs) in access.conf"}, "name": "CVE-2024-10963", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "pam", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "pam", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "pam", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2024-11-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-10963\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-10963"], "statement": "This vulnerability in pam_access is rated with an Important severity because it directly impacts the integrity of access control mechanisms in secure environments. By allowing hostname spoofing to bypass restrictions intended for specific local TTYs or services, the vulnerability enables attackers with minimal effort to exploit gaps in security policies that rely on access.conf configurations. The potential for unauthorized access is significant, as attackers with root privileges on any networked device can impersonate trusted service names to evade local access controls.", "threat_severity": "Important"}