{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-22365", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-01T22:43:34.704Z", "dateReserved": "2024-01-09T00:00:00", "datePublished": "2024-02-06T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-02-06T07:26:23.317057"}, "descriptions": [{"lang": "en", "value": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/linux-pam/linux-pam"}, {"url": "http://www.openwall.com/lists/oss-security/2024/01/18/3"}, {"url": "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0"}, {"url": "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-22365", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-15T21:07:13.510998Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:52:23.208Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:43:34.704Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/linux-pam/linux-pam", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/01/18/3", "tags": ["x_transferred"]}, {"url": "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0", "tags": ["x_transferred"]}, {"url": "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/linux-pam/linux-pam", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/01/18/3", "tags": ["x_transferred"]}, {"url": "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0", "tags": ["x_transferred"]}, {"url": "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:43:34.704Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-22365", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-15T21:07:13.510998Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:10.538Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/linux-pam/linux-pam"}, {"url": "http://www.openwall.com/lists/oss-security/2024/01/18/3"}, {"url": "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0"}, {"url": "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb"}], "descriptions": [{"lang": "en", "value": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-02-06T07:26:23.317057"}}}, "cveMetadata": {"cveId": "CVE-2024-22365", "state": "PUBLISHED", "dateUpdated": "2024-08-01T22:43:34.704Z", "dateReserved": "2024-01-09T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-02-06T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linux-pam:linux-pam:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B735A60-FB87-4597-BFF4-A6ED201E71A1", "versionEndExcluding": "1.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY."}, {"lang": "es", "value": "linux-pam (tambi\u00e9n conocido como Linux PAM) anterior a 1.6.0 permite a los atacantes provocar una denegaci\u00f3n de servicio (proceso de inicio de sesi\u00f3n bloqueado) a trav\u00e9s de mkfifo porque la llamada openat (para protect_dir) carece de O_DIRECTORY."}], "id": "CVE-2024-22365", "lastModified": "2024-02-14T00:27:40.143", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-06T08:15:52.203", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Patch", "Release Notes"], "url": "http://www.openwall.com/lists/oss-security/2024/01/18/3"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://github.com/linux-pam/linux-pam"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:3163", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "pam-0:1.3.1-33.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-22T00:00:00Z"}, {"advisory": "RHSA-2024:2438", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "pam-0:1.5.1-19.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}, {"advisory": "RHSA-2024:2438", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "pam-0:1.5.1-19.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}], "bugzilla": {"description": "pam: allowing unprivileged user to block another user namespace", "id": "2257722", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257722"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-277", "details": ["linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.", "A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-22365", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "pam", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2024-01-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-22365\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-22365\nhttps://www.openwall.com/lists/oss-security/2024/01/18/3"], "statement": "Red Hat rates this as Moderate, as this vulnerability needs a non-default configuration in order to be explored by a malicious user. Also, the attack is local and the Denial of Service happens to a single user.", "threat_severity": "Moderate", "upstream_fix": "pam 1.6.0"}