====================================================================

                                  CERT-Renater

                      Information Note No. 2024/VULN405
_____________________________________________________________________

DATE                : 04/10/2024

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running PAM Authd versions
                               prior to 0.3.5.

=====================================================================
https://github.com/ubuntu/authd/security/advisories/GHSA-x5q3-c8rm-w787 
_____________________________________________________________________


PAM module may allow accessing with the credentials of another user
Severity            : High
didrocks published GHSA-x5q3-c8rm-w787 Oct 3, 2024

Package             : No package listed
Affected versions   : < 0.3.5
Patched versions    : 0.3.5


Description

Authd PAM module up to version 0.3.4 can allow broker-managed users
to impersonate any other user managed by the same broker and perform
any PAM operation with it, including authenticating as them.

This is possible using tools such as su, sudo or ssh (and potentially
others) that, so far, do not ensure that the PAM user at the end of
the transaction matches the one that initiated the transaction.

Authd 0.3.5 fixes this by refusing to change the user unless it
was never set before in the PAM stack.

Status of the calling tools:

su     : versions that include util-linux/util-linux#3206 will not
         be affected
ssh    : versions that include openssh/openssh-portable#521 will
         not be affected
sudo   : versions that include sudo-project/sudo#412 will not
         be affected
login  : not affected
passwd : not affected
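
As an added illustration (not code from authd, su, sudo or ssh), this Go model shows the two checks described above: the module-side rule of refusing to change an already-set PAM user, and the caller-side comparison of the final PAM user with the requested one. The Transaction type, the function names and the user names are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
)

// Transaction is a constructed stand-in for a PAM handle; only PAM_USER is modelled.
type Transaction struct{ User string }

var (
	ErrUserChange   = errors.New("PAM user already set, change refused")
	ErrUserMismatch = errors.New("final PAM user differs from requested user")
)

// SetUserUnchecked models a module that overwrites PAM_USER unconditionally.
func SetUserUnchecked(tx *Transaction, name string) error {
	tx.User = name
	return nil
}

// SetUserOnce models the rule stated for authd 0.3.5: the user may be set only
// if it was never set before in the stack (re-setting the same name is allowed).
func SetUserOnce(tx *Transaction, name string) error {
	if tx.User != "" && tx.User != name {
		return fmt.Errorf("%w: %q -> %q", ErrUserChange, tx.User, name)
	}
	tx.User = name
	return nil
}

// Authenticate models a caller such as su, sudo or ssh: it opens a transaction
// for `requested`, lets the module set `moduleUser`, then optionally verifies.
func Authenticate(requested, moduleUser string, set func(*Transaction, string) error, verify bool) (string, error) {
	tx := &Transaction{User: requested}
	if err := set(tx, moduleUser); err != nil {
		return "", err
	}
	// An empty `requested` means the caller left user selection to the stack.
	if verify && requested != "" && tx.User != requested {
		return "", ErrUserMismatch
	}
	return tx.User, nil
}

func main() {
	// "alice" and "bob" are constructed sample names.
	fmt.Println(Authenticate("alice", "bob", SetUserUnchecked, false))
	fmt.Println(Authenticate("alice", "bob", SetUserOnce, false))
}
```

Either check alone rejects the changed user in this model; the empty-user case shows why the module-side rule still permits a first assignment.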

Severity

High (8.8 / 10)

CVSS v3 base metrics

Attack vector       : Network
Attack complexity   : Low
Privileges required : Low
User interaction    : None
Scope               : Unchanged
Confidentiality     : High
Integrity           : High
Availability        : High

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE ID              : CVE-2024-9313

Weaknesses          : No CWEs

Credits

     @3v1n0 (Finder)
     @didrocks (Remediation reviewer)


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
