A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Red Hat Enterprise Linux 8 | RedHat | pam-0:1.3.1-36.el8_10 | * |
| Red Hat Enterprise Linux 9 | RedHat | pam-0:1.5.1-22.el9_5 | * |
| Red Hat Enterprise Linux 9 | RedHat | pam-0:1.5.1-22.el9_5 | * |
| Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | pam-0:1.5.1-23.el9_4 | * |
| Red Hat OpenShift Container Platform 4.16 | RedHat | rhcos-416.94.202411261619-0 | * |
| Red Hat OpenShift Container Platform 4.17 | RedHat | rhcos-417.94.202411261220-0 | * |
| Red Hat OpenShift AI 2.16 | RedHat | registry.redhat.io/rhoai/odh-dashboard-rhel8:sha256:c2a79db6d2ba9c313640149a55f306e8aa4dc36f3cc24bf554c025503b013644 | * |
| Pam | Ubuntu | devel | * |
| Pam | Ubuntu | noble | * |
| Pam | Ubuntu | oracular | * |
| Pam | Ubuntu | trusty/esm | * |