Description

A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.

INFO

Published Date :

2024-11-07T16:02:34.873Z

Last Modified :

2026-03-24T16:53:47.820Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2024-10963 vulnerability.

Vendors Products
Redhat
  • Enterprise Linux
  • Openshift
  • Openshift Ai
  • Rhel Eus
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-10963.

URL Resource
https://access.redhat.com/errata/RHSA-2024:10232 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:10244 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:10379 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:10518 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:10528 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:10852 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2024-10963 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2324291 cve-icon cve-icon
https://github.com/linux-pam/linux-pam/issues/834 cve-icon cve-icon
https://github.com/linux-pam/linux-pam/pull/835 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-10963 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-10963 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact