{
  "threat_severity" : "Important",
  "public_date" : "2024-11-07T00:00:00Z",
  "bugzilla" : {
    "description" : "pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass",
    "id" : "2324291",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2324291"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-287",
  "details" : [ "A flaw was found in pam_access, where certain rules in its configuration file (access.conf) are mistakenly treated as hostnames: origin tokens intended to name local TTYs or services are also compared against the remote hostname of the connecting client. An attacker who can present a hostname matching one of those tokens satisfies the rule and gains unauthorized access. This issue poses a risk for systems that rely on pam_access to control who can access certain services or terminals." ],
  "statement" : "This vulnerability in pam_access is rated with an Important severity because it directly impacts the integrity of access control mechanisms in secure environments. By allowing hostname spoofing to bypass restrictions intended for specific local TTYs or services, the vulnerability enables attackers with minimal effort to exploit gaps in security policies that rely on access.conf configurations. The potential for unauthorized access is significant, as attackers with root privileges on any networked device can impersonate trusted service names to evade local access controls.\nThis vulnerability was introduced in RHEL-9.4 and does not affect previous versions of RHEL-9.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-11-26T00:00:00Z",
    "advisory" : "RHSA-2024:10379",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "pam-0:1.3.1-36.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-25T00:00:00Z",
    "advisory" : "RHSA-2024:10244",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "pam-0:1.5.1-22.el9_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-25T00:00:00Z",
    "advisory" : "RHSA-2024:10244",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "pam-0:1.5.1-22.el9_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2024-11-25T00:00:00Z",
    "advisory" : "RHSA-2024:10232",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "pam-0:1.5.1-23.el9_4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.16",
    "release_date" : "2024-12-04T00:00:00Z",
    "advisory" : "RHSA-2024:10528",
    "cpe" : "cpe:/a:redhat:openshift:4.16::el9",
    "package" : "rhcos-416.94.202411261619-0"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.17",
    "release_date" : "2024-12-03T00:00:00Z",
    "advisory" : "RHSA-2024:10518",
    "cpe" : "cpe:/a:redhat:openshift:4.17::el9",
    "package" : "rhcos-417.94.202411261220-0"
  }, {
    "product_name" : "Red Hat OpenShift AI 2.16",
    "release_date" : "2024-12-05T00:00:00Z",
    "advisory" : "RHSA-2024:10852",
    "cpe" : "cpe:/a:redhat:openshift_ai:2.16::el8",
    "package" : "rhoai/odh-dashboard-rhel8:sha256:c2a79db6d2ba9c313640149a55f306e8aa4dc36f3cc24bf554c025503b013644"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "pam",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "pam",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "pam",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-10963", "https://nvd.nist.gov/vuln/detail/CVE-2024-10963", "https://github.com/linux-pam/linux-pam/issues/834", "https://github.com/linux-pam/linux-pam/pull/835" ],
  "name" : "CVE-2024-10963",
  "mitigation" : {
    "value" : "To reduce the risk, administrators should ensure that no DNS hostname resolvable from the system matches a local TTY or service name used in the origins field of access.conf. Additionally, implement DNSSEC to prevent spoofing of DNS responses. For stronger protection, consider reconfiguring pam_access so that the origins field only contains fully qualified domain names (FQDNs), addresses or networks rather than bare TTY or service names.",
    "lang" : "en:us"
  },
  "csaw" : false
}
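The mitigation above asks administrators to find origins-field entries in access.conf that are bare TTY or service names rather than FQDNs or addresses. The following audit script is an added example written for this page; it is not code from the Red Hat advisory or from the Linux-PAM project, and the sample access.conf embedded in it is constructed. Its classification of tokens (keyword, @netgroup, address/network, FQDN, bare) is a heuristic assumed here for auditing purposes and does not reproduce pam_access's own matching logic; the optional `resolves_in_dns` check is the only part that touches the network and is not run by default.

```python
"""Audit pam_access origins for bare tokens that could collide with a spoofed hostname.

Added example for CVE-2024-10963 (not code from the advisory or from Linux-PAM).
Parses access.conf syntax (permission : users : origins) and flags origin tokens
that are neither an address/network, a leading-dot domain suffix, a multi-label
FQDN, a @netgroup, nor one of the ALL/LOCAL/EXCEPT keywords. Bare tokens such as
"tty1" or "cron" are the entries the mitigation text warns about.
"""
import ipaddress
import socket

# Keywords pam_access interprets in the origins field (see access.conf(5)).
KEYWORDS = {"ALL", "LOCAL", "EXCEPT"}

# Constructed sample, not a real system's file.
SAMPLE_ACCESS_CONF = """\
# constructed sample /etc/security/access.conf
+ : root : tty1 tty2
+ : ALL : cron
+ : ALL : LOCAL
+ : admins : bastion.example.com 192.0.2.0/24
+ : ALL : .example.com
- : ALL : ALL
"""


def parse_access_conf(text):
    """Return [(perm, users, [origin tokens])], skipping comment, blank and malformed lines."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":", 2)]
        if len(fields) != 3:
            continue  # a line without three fields is not a usable rule
        perm, users, origins = fields
        rules.append((perm, users, origins.split()))
    return rules


def classify(token):
    """Heuristic classification (assumed here, not pam_access's own logic)."""
    if token in KEYWORDS:
        return "keyword"
    if token.startswith("@"):
        return "netgroup"
    try:
        ipaddress.ip_network(token, strict=False)  # accepts 192.0.2.1, 192.0.2.0/24, 2001:db8::/32
        return "address"
    except ValueError:
        pass
    if token.startswith(".") or "." in token:
        return "fqdn"  # domain suffix (.example.com) or multi-label host name
    return "bare"      # tty, service or single-label name: ambiguous with a hostname


def find_spoofable_origins(text):
    """Return [{"rule", "perm", "users", "origin"}] for every bare origin token."""
    findings = []
    for index, (perm, users, origins) in enumerate(parse_access_conf(text)):
        for token in origins:
            if classify(token) == "bare":
                findings.append({"rule": index, "perm": perm, "users": users, "origin": token})
    return findings


def resolves_in_dns(name):
    """Optional live check: does a bare token currently resolve as a hostname?"""
    try:
        socket.getaddrinfo(name, None)
        return True
    except OSError:
        return False


if __name__ == "__main__":
    for f in find_spoofable_origins(SAMPLE_ACCESS_CONF):
        print(f"rule {f['rule']} ({f['perm']} : {f['users']}): bare origin "
              f"{f['origin']!r} could collide with a remote hostname")
```

Run it against a real file with `find_spoofable_origins(open("/etc/security/access.conf").read())`; every finding is a rule to rewrite with an FQDN, address or network, or to confirm with `resolves_in_dns` that no such hostname currently exists in the resolvers the host trusts.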