Vulnerabilities > Linux PAM > Linux PAM > 0.99.6.1

DATE CVE VULNERABILITY TITLE RISK
2024-02-06 CVE-2024-22365 Unspecified vulnerability in Linux-Pam
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
local
low complexity
linux-pam
5.5
2022-09-19 CVE-2022-28321 Improper Authentication vulnerability in Linux-Pam
The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins.
network
low complexity
linux-pam CWE-287
critical
9.8
2015-08-24 CVE-2015-3238 Information Exposure vulnerability in multiple products
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
network
low complexity
linux-pam oracle CWE-200
6.5
2011-01-24 CVE-2010-4708 Unspecified vulnerability in Linux-Pam
The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pam_env PAM check.
local
low complexity
linux-pam
7.2
2011-01-24 CVE-2010-3853 Unspecified vulnerability in Linux-Pam
pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program.
local
linux-pam
6.9
2009-04-16 CVE-2009-0579 Permissions, Privileges, and Access Controls vulnerability in Linux-Pam
Linux-PAM before 1.0.4 does not enforce the minimum password age (MINDAYS) as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified.
local
low complexity
linux-pam CWE-264
4.6