Bug 2324291 (CVE-2024-10963)

Summary: CVE-2024-10963 pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW ---
QA Contact:
Severity: high
Docs Contact:
Priority: high
Version: unspecified
CC: asheth, dlevin, ipedrosa, ldv, prodsec-dev, stulshan
Target Milestone: ---
Keywords: Security
Target Release: ---
Flags: asheth: needinfo? (prodsec-dev)
       dlevin: needinfo-
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 2324299, 2324300
Bug Blocks:

Description OSIDB Bzimport 2024-11-07 07:42:58 UTC
A vulnerability in pam_access allows unauthorized users to bypass access restrictions by spoofing hostnames. This occurs because pam_access improperly interprets local access.conf rules to match remote hostnames, compromising configurations intended to restrict local access only. The issue affects all deployments using this configuration method, posing a significant risk to secure environments.
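The description says that rules written to restrict local access are matched against remote hostnames, but it does not list which origin forms are affected. A defender's first step is to inventory which access.conf rules rely on anything other than an explicit address, network or domain suffix, so they can be reviewed against the vendor errata. The script below is an added example, not code from the bug report or from Linux-PAM: the sample access.conf content is constructed, and the choice to flag `LOCAL` and tty-style origins is this script's own assumption about what "local rules" means, not pam_access's matching logic.

```python
"""Inventory pam_access rules whose origin field is not an explicit address,
network or domain suffix, so they can be reviewed against the vendor fix.

Added example, not part of the bug report or of Linux-PAM. The origin
classification is this script's own assumption about which rules deserve a
second look; it is not the project's matching logic."""
import ipaddress
import re

# Constructed sample of /etc/security/access.conf (not taken from the report).
SAMPLE_ACCESS_CONF = """\
# permission : users/groups : origins
+ : root : LOCAL
+ : (wheel) : 192.168.1.0/24 10.0.0.0/8
+ : alice : tty1 tty2 console
+ : bob : .corp.example.com
- : ALL : ALL
"""

# Origin tokens that look like terminal names rather than hosts (assumed set).
TTY_LIKE = re.compile(r"^(tty\w*|pts/\d+|console|hvc\d+)$")
# Classic access.conf network prefix written with a trailing dot, e.g. "192.168.1."
DOTTED_PREFIX = re.compile(r"^[0-9]+(\.[0-9]+)*\.$")


def parse_access_conf(text):
    """Return a list of (lineno, permission, users, origins) for each rule.

    Comments and blank lines are skipped. Only the first two ':' separators
    are significant, so IPv6 origins containing ':' stay intact."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":", 2)]
        if len(fields) != 3 or fields[0] not in ("+", "-"):
            raise ValueError(f"line {lineno}: malformed rule {raw!r}")
        perm, users, origins = fields
        rules.append((lineno, perm, users.split(), origins.split()))
    return rules


def classify_origin(origin):
    """Bucket one origin token by its syntactic form.

    'keyword' (ALL, NONE), 'address', 'network' and 'domain-suffix' are
    unambiguous host-side forms. 'local' and 'tty' are the forms this script
    assumes were meant to restrict local logins; anything else is treated as
    a bare hostname."""
    if origin in ("ALL", "NONE"):
        return "keyword"
    if origin == "LOCAL":
        return "local"
    if origin.startswith("."):
        return "domain-suffix"
    if TTY_LIKE.match(origin):
        return "tty"
    if DOTTED_PREFIX.match(origin):
        return "network"
    try:
        ipaddress.ip_network(origin, strict=False)
        return "network" if "/" in origin else "address"
    except ValueError:
        return "hostname"


def rules_needing_review(rules):
    """Return rules whose origins include a 'local' or 'tty' token.

    Each result is (lineno, permission, users, flagged_origins)."""
    flagged = []
    for lineno, perm, users, origins in rules:
        suspicious = [o for o in origins if classify_origin(o) in ("local", "tty")]
        if suspicious:
            flagged.append((lineno, perm, users, suspicious))
    return flagged


if __name__ == "__main__":
    for lineno, perm, users, origins in rules_needing_review(parse_access_conf(SAMPLE_ACCESS_CONF)):
        print(f"line {lineno}: '{perm}' rule for {users} relies on local-style origin(s) {origins}")
```

Point the script at a real file by replacing `SAMPLE_ACCESS_CONF` with the contents of `/etc/security/access.conf`; every flagged rule is one whose intended scope should be re-checked after the errata in this report is applied.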

Comment 6 errata-xmlrpc 2024-11-25 15:21:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2024:10232 https://access.redhat.com/errata/RHSA-2024:10232

Comment 7 errata-xmlrpc 2024-11-25 19:18:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:10244 https://access.redhat.com/errata/RHSA-2024:10244

Comment 8 errata-xmlrpc 2024-11-26 15:20:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:10379 https://access.redhat.com/errata/RHSA-2024:10379

Comment 9 errata-xmlrpc 2024-12-03 18:08:26 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2024:10518 https://access.redhat.com/errata/RHSA-2024:10518

Comment 10 errata-xmlrpc 2024-12-04 04:02:00 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2024:10528 https://access.redhat.com/errata/RHSA-2024:10528

Comment 11 Asheth 2024-12-11 10:12:38 UTC
Hello Team, 

We can see OpenShift 4.16 and 4.17 listed in the affected components section and a fix has been released for both versions. I have a customer using OpenShift 4.14.41. We would like to know if the fix has been backported to OpenShift 4.14.41.