CVE-2024-10963
CVSS V2 None
CVSS V3 None
Description
A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control.
Overview
- CVE ID
- CVE-2024-10963
- Assigner
- redhat
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-11-07T16:02:34.873Z
- Last Modified Date
- 2024-11-07T18:27:42.452Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2024-10963 | vdb-entry x_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2324291 | issue-tracking x_refsource_REDHAT |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-10963 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10963 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-11-08 13:18:05 | Added to TrackCVE |