Details of issue NIXPKGS-2025-0009

affected

created 1 Nov 2025

NIXPKGS-2025-0009

A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.

Vulnerabilities

CVE-2025-8941

Related packages

pkgs.pam

Pluggable Authentication Modules, a flexible mechanism for authenticating user

nixos-unstable ???
- nixpkgs-unstable 1.7.1

pkgs.ipam

Cli based IPAM written in Go with PowerDNS support

nixos-unstable ???
- nixpkgs-unstable 0.3.0-1

pkgs.opam

Package manager for OCaml

nixos-unstable ???
- nixpkgs-unstable 2.4.1

pkgs.paml

Phylogenetic Analysis by Maximum Likelihood (PAML)

nixos-unstable ???
- nixpkgs-unstable 4.10.7

pkgs.dspam

Community Driven Antispam Filter

nixos-unstable ???
- nixpkgs-unstable 3.10.2

pkgs.pamix

Pulseaudio terminal mixer

nixos-unstable ???
- nixpkgs-unstable 2.0

pkgs.rspamd

Advanced spam filtering system

nixos-unstable ???
- nixpkgs-unstable 3.12.1

pkgs.openpam

Open source PAM library that focuses on simplicity, correctness, and cleanliness

nixos-unstable ???
- nixpkgs-unstable 20230627

pkgs.pam_p11

Authentication with PKCS#11 modules

nixos-unstable ???
- nixpkgs-unstable 0.3.1

pkgs.pam_u2f

PAM module for allowing authentication with a U2F device

nixos-unstable ???
- nixpkgs-unstable 1.4.0

pkgs.pamixer

Pulseaudio command line mixer

nixos-unstable ???
- nixpkgs-unstable 1.6

pkgs.dopamine

Audio player that keeps it simple

nixos-unstable ???
- nixpkgs-unstable 3.0.0-preview.39

pkgs.pam_krb5

PAM module allowing PAM-aware applications to authenticate users by performing an AS exchange with a Kerberos KDC

nixos-unstable ???
- nixpkgs-unstable krb5-4.11

pkgs.pam_ldap

LDAP backend for PAM

nixos-unstable ???
- nixpkgs-unstable 0-unstable-2024-02-22

pkgs.pam_rssh

PAM module for authenticating via ssh-agent, written in Rust

nixos-unstable ???
- nixpkgs-unstable 1.2.0

pkgs.pam_ussh

PAM module to authenticate using SSH certificates

nixos-unstable ???
- nixpkgs-unstable 0-unstable-2021-06-15

pkgs.linux-pam

Pluggable Authentication Modules, a flexible mechanism for authenticating user

nixos-unstable ???
- nixpkgs-unstable 1.7.1

pkgs.ncpamixer

Terminal mixer for PulseAudio inspired by pavucontrol

nixos-unstable ???
- nixpkgs-unstable 1.3.9

pkgs.opam2json

Convert opam file syntax to JSON

nixos-unstable ???
- nixpkgs-unstable 0.4

pkgs.pam_dp9ik

dp9ik pam module

nixos-unstable ???
- nixpkgs-unstable 1.6.6

pkgs.pam_gnupg

Unlock GnuPG keys on login

nixos-unstable ???
- nixpkgs-unstable 0.4

pkgs.pam_mount

PAM module to mount volumes for a user session

nixos-unstable ???
- nixpkgs-unstable 2.20

pkgs.pam_mysql

PAM authentication module against a MySQL database

nixos-unstable ???
- nixpkgs-unstable 1.0.0-beta2

pkgs.pam_pgsql

Support to authenticate against PostgreSQL for PAM-enabled appliations

nixos-unstable ???
- nixpkgs-unstable 2020-05-05

pkgs.pamtester

Utility program to test the PAM facility

nixos-unstable ???
- nixpkgs-unstable 0.1.2

pkgs.pam_ccreds

PAM module to locally authenticate using an enterprise identity when the network is unavailable

nixos-unstable ???
- nixpkgs-unstable 10

pkgs.pam_mktemp

PAM for login service to provide per-user private directories

nixos-unstable ???
- nixpkgs-unstable 1.1.1

pkgs.pam_rundir

Provide user runtime directory on Linux systems

nixos-unstable ???
- nixpkgs-unstable 1.0.0

pkgs.pam_tmpdir

PAM module for creating safe per-user temporary directories

nixos-unstable ???
- nixpkgs-unstable 0.09

pkgs.yubico-pam

Yubico PAM module

nixos-unstable ???
- nixpkgs-unstable 2.27

pkgs.pam-watchid

PAM plugin module that allows the Apple Watch to be used for authentication

nixos-unstable ???
- nixpkgs-unstable 2-unstable-2024-12-24

pkgs.apparmor-pam

Mandatory access control system - PAM service

nixos-unstable ???
- nixpkgs-unstable 4.1.1

pkgs.opam-publish

Tool to ease contributions to opam repositories

nixos-unstable ???
- nixpkgs-unstable 2.5.1

pkgs.pam-reattach

Reattach to the user's GUI session on macOS during authentication (for Touch ID support in tmux)

nixos-unstable ???
- nixpkgs-unstable 1.3

pkgs.spamassassin

Open-Source Spam Filter

nixos-unstable ???
- nixpkgs-unstable 4.0.1

pkgs.nss_pam_ldapd

LDAP identity and authentication for NSS/PAM

nixos-unstable ???
- nixpkgs-unstable 0.9.13

pkgs.libpam-wrapper

Wrapper for testing PAM modules

nixos-unstable ???
- nixpkgs-unstable 1.1.5

pkgs.opam-installer

Handle (un)installation from opam install files

nixos-unstable ???
- nixpkgs-unstable 2.4.1

pkgs.pam-honeycreds

PAM module that sends warnings when fake passwords are used

nixos-unstable ???
- nixpkgs-unstable 1.9

pkgs.rspamd-trainer

Grabs messages from a spam mailbox via IMAP and feeds them to Rspamd for training

nixos-unstable ???
- nixpkgs-unstable 2023-11-27

pkgs.pam_ssh_agent_auth

PAM module for authentication through the SSH agent

nixos-unstable ???
- nixpkgs-unstable 0.10.4

pkgs.rubyPackages.rpam2

nixos-unstable ???
- nixpkgs-unstable rpam2-4.0.2

pkgs.decode-spam-headers

Script that helps you understand why your E-Mail ended up in Spam

nixos-unstable ???
- nixpkgs-unstable 2022-09-22-unreleased

pkgs.haskellPackages.pam

Haskell binding for C PAM API

nixos-unstable ???
- nixpkgs-unstable 0.2.0.0

pkgs.luaPackages.lua-pam

Lua module for PAM authentication

nixos-unstable ???
- nixpkgs-unstable 2015-07-03

pkgs.google-authenticator

Two-step verification, with pam module

nixos-unstable ???
- nixpkgs-unstable 1.11

pkgs.lua51Packages.lua-pam

Lua module for PAM authentication

nixos-unstable ???
- nixpkgs-unstable 2015-07-03

pkgs.lua52Packages.lua-pam

Lua module for PAM authentication

nixos-unstable ???
- nixpkgs-unstable 2015-07-03

pkgs.lua53Packages.lua-pam

Lua module for PAM authentication

nixos-unstable ???
- nixpkgs-unstable 2015-07-03

pkgs.rubyPackages_3_1.rpam2

nixos-unstable ???
- nixpkgs-unstable rpam2-4.0.2

pkgs.rubyPackages_3_2.rpam2

nixos-unstable ???
- nixpkgs-unstable rpam2-4.0.2

pkgs.rubyPackages_3_3.rpam2

nixos-unstable ???
- nixpkgs-unstable rpam2-4.0.2

pkgs.rubyPackages_3_4.rpam2

nixos-unstable ???
- nixpkgs-unstable rpam2-4.0.2

pkgs.kdePackages.kwallet-pam

PAM Integration with KWallet - Unlock KWallet when you login

nixos-unstable ???
- nixpkgs-unstable 6.4.5

pkgs.opensmtpd-filter-rspamd

OpenSMTPD filter integration for the Rspamd daemon

nixos-unstable ???
- nixpkgs-unstable 0.1.8

pkgs.python312Packages.pamqp

RabbitMQ Focused AMQP low-level library

nixos-unstable ???
- nixpkgs-unstable 3.3.0

pkgs.python313Packages.pamqp

RabbitMQ Focused AMQP low-level library

nixos-unstable ???
- nixpkgs-unstable 3.3.0

pkgs.sbclPackages.cl-xmlspam

nixos-unstable ???
- nixpkgs-unstable 20101006-http

pkgs.python312Packages.pamela

PAM interface using ctypes

nixos-unstable ???
- nixpkgs-unstable 1.2.0

pkgs.python313Packages.pamela

PAM interface using ctypes

nixos-unstable ???
- nixpkgs-unstable 1.2.0

pkgs.stalwart-mail-spam-filter

Secure & modern all-in-one mail server Stalwart (spam-filter module)

nixos-unstable ???
- nixpkgs-unstable 2.0.3

pkgs.python312Packages.pypamtest

Wrapper for testing PAM modules

nixos-unstable ???
- nixpkgs-unstable 1.1.5

pkgs.python313Packages.pypamtest

Wrapper for testing PAM modules

nixos-unstable ???
- nixpkgs-unstable 1.1.5

pkgs.python312Packages.python-pam

Python pam module

nixos-unstable ???
- nixpkgs-unstable 2.0.2

pkgs.python313Packages.python-pam

Python pam module

nixos-unstable ???
- nixpkgs-unstable 2.0.2

pkgs.wordpressPackages.plugins.antispam-bee

nixos-unstable ???
- nixpkgs-unstable 2.11.7

pkgs.matrix-synapse-plugins.matrix-synapse-pam

PAM auth provider for the Synapse Matrix server

nixos-unstable ???
- nixpkgs-unstable 0.1.3

pkgs.matrix-synapse-plugins.synapse-http-antispam

Synapse module that forwards spam checking to an HTTP server

nixos-unstable ???
- nixpkgs-unstable 0.5.0

pkgs.matrix-synapse-plugins.matrix-synapse-mjolnir-antispam

AntiSpam / Banlist plugin to be used with mjolnir

nixos-unstable ???
- nixpkgs-unstable 1.11.0

pkgs.vscode-extensions.fabiospampinato.vscode-open-in-github

VS Code extension to open the current project or file in github.com

nixos-unstable ???
- nixpkgs-unstable 2.3.1