pam-1.1.8-23.0.1.0.1.el7.AXS7

エラータID: AXSA:2025-10203:02

Release date: 
Monday, June 30, 2025 - 15:56
Subject: 
pam-1.1.8-23.0.1.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

PAM (Pluggable Authentication Modules) is a system security tool that
allows system administrators to set authentication policy without
having to recompile programs that handle authentication.

Security Fix(es):

* CVE-2024-10041: fix possibility of leakage of secret information stored in
memory
* CVE-2024-22365: fix potential DoS via mkfifo because the openat call lacks
O_DIRECTORY

CVE(s):
CVE-2024-22365
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
CVE-2024-10041
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.

Solution: 

Update packages.

CVEs: 
CVE-2024-10041
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.
CVE-2024-22365
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
Additional Info: 

N/A

Download: 

Asianux Server 7 for x86_64
  1. pam-1.1.8-23.0.1.0.1.el7.AXS7.i686.rpm
    MD5: b9539ee0ae0b598e6714d0e99ba46fe6
    SHA-256: 65526d3dd681e1e6b7ae92c63879f9e3399f14ad3ceb1a369d10bd09573a1cff
    Size: 719.10 kB
  2. pam-1.1.8-23.0.1.0.1.el7.AXS7.x86_64.rpm
    MD5: 9087afa1f56e3a2733cbdc7e7cea7c7c
    SHA-256: f63056ab3e0bdf48e167f9806dc60f107ec82b3570dbf89dac5d845a35c2e6b6
    Size: 720.27 kB
  3. pam-devel-1.1.8-23.0.1.0.1.el7.AXS7.i686.rpm
    MD5: 3f25fa97c3fcc9edc1d9d2b5d91a392e
    SHA-256: 92513c8ee0f4b451fade9a761d8ce5d5a7daeb025f29d46152e5cd8fc7238649
    Size: 184.36 kB
  4. pam-devel-1.1.8-23.0.1.0.1.el7.AXS7.x86_64.rpm
    MD5: 3c5681aa121e23f924737e98409b6b78
    SHA-256: 3ff5822b970ce481a32efe25f8af30ae036943c093d0068ae6e2185252dc7152
    Size: 184.34 kB