Nixpkgs security tracker

Login with GitHub

Suggestions search

With package: linux-pam

Found 2 matching suggestions

View:
Compact
Detailed
Published
Permalink CVE-2026-54411
6.9 MEDIUM
  • CVSS version (CVSS): 4.0
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Attack Requirement (AT): Present (P)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Vulnerable System Impact Confidentiality (VC): High (H)
  • Vulnerable System Impact Integrity (VI): None (N)
  • Vulnerable System Impact Availability (VA): None (N)
  • Subsequent System Impact Confidentiality (SC): None (N)
  • Subsequent System Impact Integrity (SI): None (N)
  • Subsequent System Impact Availability (SA): None (N)
  • Exploit Maturity (E): POC (P)
  • Automatable (AU): No (N)
  • Value Density (V): Diffuse (D)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Attack Requirement (MAT): Present (P)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Vulnerable System Impact Confidentiality (MVC): High (H)
  • Modified Vulnerable System Impact Integrity (MVI): None (N)
  • Modified Vulnerable System Impact Availability (MVA): None (N)
  • Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
  • Modified Subsequent System Impact Integrity (MSI): Negligible (N)
  • Modified Subsequent System Impact Availability (MSA): Negligible (N)
  • Safety (S): Not Defined (X)
  • Recovery (R): Not Defined (X)
  • Vulnerability Response Effort (RE): Not Defined (X)
  • Provider Urgency (U): Not Defined (X)
  • Confidentiality Req. (CR): Not Defined (X)
  • Integrity Req. (IR): Not Defined (X)
  • Availability Req. (AR): Not Defined (X)
updated 2 weeks, 2 days ago by @LeSuisse Activity log
Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in …

Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the plaintext password of a target account by measuring response-timing differences. The comparison uses strncmp() (or strncasecmp() when PAM_ICASE_ARG is set) preceded by a length-equality check, so the time to reject a candidate depends on the index of the first differing byte and on whether the candidate's length matches the stored password, leaking the password length and individual prefix bytes. The vulnerable path is reached when the administrator configures pam_userdb with crypt=none, with an unrecognized crypt method, or without a crypt= argument, causing the module to store and compare credentials in plaintext.

Affected products

Linux-PAM
  • =<1.7.2

Matching in nixpkgs

pkgs.pam

Pluggable Authentication Modules, a flexible mechanism for authenticating user

pkgs.linux-pam

Pluggable Authentication Modules, a flexible mechanism for authenticating user

Published
Permalink CVE-2025-8941
7.8 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 8 months ago by @LeSuisse Activity log
  • Created suggestion
  • @LeSuisse ignored
    69 packages
    • ipam
    • opam
    • paml
    • dspam
    • pamix
    • rspamd
    • openpam
    • pam_p11
    • pam_u2f
    • pamixer
    • dopamine
    • pam_krb5
    • sbclPackages.cl-xmlspam
    • python312Packages.pamela
    • python313Packages.pamela
    • stalwart-mail-spam-filter
    • python312Packages.pypamtest
    • python313Packages.pypamtest
    • python312Packages.python-pam
    • python313Packages.python-pam
    • wordpressPackages.plugins.antispam-bee
    • matrix-synapse-plugins.matrix-synapse-pam
    • matrix-synapse-plugins.synapse-http-antispam
    • matrix-synapse-plugins.matrix-synapse-mjolnir-antispam
    • vscode-extensions.fabiospampinato.vscode-open-in-github
    • pam_ssh_agent_auth
    • rubyPackages.rpam2
    • decode-spam-headers
    • haskellPackages.pam
    • luaPackages.lua-pam
    • google-authenticator
    • lua51Packages.lua-pam
    • lua52Packages.lua-pam
    • lua53Packages.lua-pam
    • rubyPackages_3_1.rpam2
    • rubyPackages_3_2.rpam2
    • rubyPackages_3_3.rpam2
    • rubyPackages_3_4.rpam2
    • kdePackages.kwallet-pam
    • opensmtpd-filter-rspamd
    • python312Packages.pamqp
    • python313Packages.pamqp
    • apparmor-pam
    • opam-publish
    • pam-reattach
    • spamassassin
    • nss_pam_ldapd
    • libpam-wrapper
    • opam-installer
    • pam-honeycreds
    • rspamd-trainer
    • pam_ussh
    • pam_rssh
    • pam_ldap
    • pam
    • ncpamixer
    • opam2json
    • pam_dp9ik
    • pam_gnupg
    • pam_mount
    • pam_mysql
    • pam_pgsql
    • pamtester
    • pam_ccreds
    • pam_mktemp
    • pam_rundir
    • pam_tmpdir
    • yubico-pam
    • pam-watchid
  • @LeSuisse accepted
  • @LeSuisse published on GitHub
Linux-pam: incomplete fix for cve-2025-6020

A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.

References

Affected products

pam
  • *
linux-pam
discovery/discovery-server-rhel9
  • *
web-terminal/web-terminal-tooling-rhel9
  • *
cert-manager/jetstack-cert-manager-rhel9
  • *
web-terminal/web-terminal-rhel9-operator
  • *
insights-proxy/insights-proxy-container-rhel9
  • *
compliance/openshift-compliance-openscap-rhel8
  • *
openshift-sandboxed-containers/osc-monitor-rhel9
  • *
registry.redhat.io/discovery/discovery-server-rhel9
  • *
openshift-sandboxed-containers/osc-podvm-builder-rhel9
  • *
openshift-sandboxed-containers/osc-podvm-payload-rhel9
  • *
openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9
  • *
registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9
  • *
registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9
  • *
registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9
  • *
registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9
  • *

Matching in nixpkgs

pkgs.linux-pam

Pluggable Authentication Modules, a flexible mechanism for authenticating user

  • nixos-unstable -
Ignored packages (69)

pkgs.pam

Pluggable Authentication Modules, a flexible mechanism for authenticating user

  • nixos-unstable -

pkgs.ipam

Cli based IPAM written in Go with PowerDNS support

  • nixos-unstable -

pkgs.opam

Package manager for OCaml

  • nixos-unstable -

pkgs.paml

Phylogenetic Analysis by Maximum Likelihood (PAML)

  • nixos-unstable -

pkgs.dspam

Community Driven Antispam Filter

  • nixos-unstable -

pkgs.pamix

Pulseaudio terminal mixer

  • nixos-unstable -
    • nixpkgs-unstable 2.0

pkgs.rspamd

Advanced spam filtering system

  • nixos-unstable -

pkgs.openpam

Open source PAM library that focuses on simplicity, correctness, and cleanliness

  • nixos-unstable -

pkgs.pam_p11

Authentication with PKCS#11 modules

  • nixos-unstable -

pkgs.pam_u2f

PAM module for allowing authentication with a U2F device

  • nixos-unstable -

pkgs.pamixer

Pulseaudio command line mixer

  • nixos-unstable -
    • nixpkgs-unstable 1.6

pkgs.pam_krb5

PAM module allowing PAM-aware applications to authenticate users by performing an AS exchange with a Kerberos KDC

  • nixos-unstable -

pkgs.pam_rssh

PAM module for authenticating via ssh-agent, written in Rust

  • nixos-unstable -

pkgs.ncpamixer

Terminal mixer for PulseAudio inspired by pavucontrol

  • nixos-unstable -

pkgs.opam2json

Convert opam file syntax to JSON

  • nixos-unstable -
    • nixpkgs-unstable 0.4

pkgs.pam_dp9ik

dp9ik pam module

  • nixos-unstable -

pkgs.pam_gnupg

Unlock GnuPG keys on login

  • nixos-unstable -
    • nixpkgs-unstable 0.4

pkgs.pam_mount

PAM module to mount volumes for a user session

  • nixos-unstable -
    • nixpkgs-unstable 2.20

pkgs.pam_mysql

PAM authentication module against a MySQL database

pkgs.pam_pgsql

Support to authenticate against PostgreSQL for PAM-enabled appliations

pkgs.pamtester

Utility program to test the PAM facility

  • nixos-unstable -

pkgs.pam_ccreds

PAM module to locally authenticate using an enterprise identity when the network is unavailable

  • nixos-unstable -
    • nixpkgs-unstable 10

pkgs.pam_mktemp

PAM for login service to provide per-user private directories

  • nixos-unstable -

pkgs.pam_rundir

Provide user runtime directory on Linux systems

  • nixos-unstable -

pkgs.pam_tmpdir

PAM module for creating safe per-user temporary directories

  • nixos-unstable -
    • nixpkgs-unstable 0.09

pkgs.yubico-pam

Yubico PAM module

  • nixos-unstable -
    • nixpkgs-unstable 2.27

pkgs.apparmor-pam

Mandatory access control system - PAM service

  • nixos-unstable -

pkgs.opam-publish

Tool to ease contributions to opam repositories

  • nixos-unstable -

pkgs.pam-reattach

Reattach to the user's GUI session on macOS during authentication (for Touch ID support in tmux)

  • nixos-unstable -
    • nixpkgs-unstable 1.3

pkgs.nss_pam_ldapd

LDAP identity and authentication for NSS/PAM

  • nixos-unstable -

pkgs.opam-installer

Handle (un)installation from opam install files

  • nixos-unstable -

pkgs.pam-honeycreds

PAM module that sends warnings when fake passwords are used

  • nixos-unstable -
    • nixpkgs-unstable 1.9

pkgs.rspamd-trainer

Grabs messages from a spam mailbox via IMAP and feeds them to Rspamd for training