pam
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | PAM (Pluggable Authentication Modules) library |
| Version | 1.7.1-1 [core] |
Open
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2901 | 1.7.0-2 | High | Vulnerable |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2025-6020 | AVG-2901 | High | No | Arbitrary filesystem access | The module pam_namespace in linux-pam <= 1.7.0 may access user- controlled paths without proper protections, which allows a local user to elevate their... |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1297 | 1.5.0-1 | 1.5.0-2 | High | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2020-27780 | AVG-1297 | High | No | Authentication bypass | An authentication bypass issue was found in pam 1.5.0. Nonexistent users could authenticate if the root password was empty. |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 09 Dec 2020 | ASA-202012-13 | AVG-1297 | High | authentication bypass |