Nixpkgs Security Tracker

Login with GitHub

Suggestions search

Untriaged
Filter by:
With package: matrix-synapse-plugins.matrix-synapse-mjolnir-antispam

Found 4 matching suggestions

Permalink CVE-2025-6018
created 4 months, 3 weeks ago
Pam-config: lpe from unprivileged to allow_active in pam

A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for example, a user logged in via SSH) to obtain the elevated privileges normally reserved for a physically present, "allow_active" user. The highest risk is that the attacker can then perform all allow_active yes Polkit actions, which are typically restricted to console users, potentially gaining unauthorized control over system configurations, services, or other sensitive operations.

Affected products

pam
  • <1.1.8-24.71.1

Matching in nixpkgs

pkgs.pam

Pluggable Authentication Modules, a flexible mechanism for authenticating user

  • nixos-unstable -

pkgs.ipam

Cli based IPAM written in Go with PowerDNS support

pkgs.opam

Package manager for OCaml

  • nixos-unstable -

pkgs.paml

Phylogenetic Analysis by Maximum Likelihood (PAML)

  • nixos-unstable -

pkgs.dspam

Community Driven Antispam Filter

  • nixos-unstable -

pkgs.pamix

Pulseaudio terminal mixer

  • nixos-unstable -

pkgs.rspamd

Advanced spam filtering system

  • nixos-unstable -

pkgs.openpam

Open source PAM library that focuses on simplicity, correctness, and cleanliness

pkgs.pam_p11

Authentication with PKCS#11 modules

  • nixos-unstable -

pkgs.pam_u2f

PAM module for allowing authentication with a U2F device

  • nixos-unstable -

pkgs.pamixer

Pulseaudio command line mixer

  • nixos-unstable -

pkgs.pam_krb5

PAM module allowing PAM-aware applications to authenticate users by performing an AS exchange with a Kerberos KDC

pkgs.pam_rssh

PAM module for authenticating via ssh-agent, written in Rust

  • nixos-unstable -

pkgs.linux-pam

Pluggable Authentication Modules, a flexible mechanism for authenticating user

  • nixos-unstable -

pkgs.ncpamixer

Terminal mixer for PulseAudio inspired by pavucontrol

  • nixos-unstable -

pkgs.opam2json

Convert opam file syntax to JSON

  • nixos-unstable -

pkgs.pam_gnupg

Unlock GnuPG keys on login

  • nixos-unstable -

pkgs.pam_mount

PAM module to mount volumes for a user session

  • nixos-unstable -

pkgs.pam_mysql

PAM authentication module against a MySQL database

pkgs.pam_pgsql

Support to authenticate against PostgreSQL for PAM-enabled appliations

pkgs.pamtester

Utility program to test the PAM facility

  • nixos-unstable -

pkgs.pam_ccreds

PAM module to locally authenticate using an enterprise identity when the network is unavailable

  • nixos-unstable -
    • nixpkgs-unstable 10

pkgs.pam_mktemp

PAM for login service to provide per-user private directories

  • nixos-unstable -

pkgs.pam_rundir

Provide user runtime directory on Linux systems

  • nixos-unstable -

pkgs.pam_tmpdir

PAM module for creating safe per-user temporary directories

  • nixos-unstable -

pkgs.apparmor-pam

Mandatory access control system - PAM service

  • nixos-unstable -

pkgs.opam-publish

Tool to ease contributions to opam repositories

  • nixos-unstable -

pkgs.pam-reattach

Reattach to the user's GUI session on macOS during authentication (for Touch ID support in tmux)

  • nixos-unstable -

pkgs.nss_pam_ldapd

LDAP identity and authentication for NSS/PAM

  • nixos-unstable -

pkgs.opam-installer

Handle (un)installation from opam install files

  • nixos-unstable -

pkgs.pam-honeycreds

PAM module that sends warnings when fake passwords are used

  • nixos-unstable -

pkgs.rspamd-trainer

Grabs messages from a spam mailbox via IMAP and feeds them to Rspamd for training

Package maintainers

Permalink CVE-2025-6020
created 4 months, 3 weeks ago
Linux-pam: linux-pam directory traversal

A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.

Affected products

pam
  • *
linux-pam
  • <1.7.1
rhosdt/tempo-rhel8
  • *
rhosdt/tempo-query-rhel8
  • *
rhosdt/tempo-gateway-rhel8
  • *
rhosdt/tempo-rhel8-operator
  • *
rhpam-7/rhpam-rhel8-operator
  • *
rhpam-7/rhpam-kieserver-rhel8
  • *
rhpam-7/rhpam-operator-bundle
  • *
rhosdt/tempo-gateway-opa-rhel8
  • *
rhpam-7/rhpam-controller-rhel8
  • *
rhosdt/tempo-jaeger-query-rhel8
  • *
rhpam-7/rhpam-dashbuilder-rhel8
  • *
rhpam-7/rhpam-smartrouter-rhel8
  • *
discovery/discovery-server-rhel9
  • *
rhosdt/opentelemetry-rhel8-operator
  • *
rhpam-7/rhpam-businesscentral-rhel8
  • *
rhosdt/opentelemetry-collector-rhel8
  • *
registry.redhat.io/rhosdt/tempo-rhel8
  • *
rhpam-7/rhpam-process-migration-rhel8
  • *
web-terminal/web-terminal-tooling-rhel9
  • *
cert-manager/jetstack-cert-manager-rhel9
  • *
web-terminal/web-terminal-rhel9-operator
  • *
openshift-serverless-1/logic-rhel8-operator
  • *
registry.redhat.io/rhosdt/tempo-query-rhel8
  • *
rhosdt/opentelemetry-target-allocator-rhel8
  • *
openshift-serverless-1/logic-operator-bundle
  • *
insights-proxy/insights-proxy-container-rhel9
  • *
registry.redhat.io/rhosdt/tempo-gateway-rhel8
  • *
compliance/openshift-compliance-openscap-rhel8
  • *
openshift-serverless-1/logic-swf-builder-rhel8
  • *
openshift-serverless-1/logic-swf-devmode-rhel8
  • *
registry.redhat.io/rhosdt/tempo-rhel8-operator
  • *
rhpam-7/rhpam-businesscentral-monitoring-rhel8
  • *
openshift-sandboxed-containers/osc-monitor-rhel9
  • *
registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8
  • *
registry.redhat.io/rhosdt/tempo-jaeger-query-rhel8
  • *
openshift-serverless-1/logic-db-migrator-tool-rhel8
  • *
registry.redhat.io/discovery/discovery-server-rhel9
  • *
openshift-serverless-1/logic-management-console-rhel8
  • *
openshift-sandboxed-containers/osc-podvm-builder-rhel9
  • *
openshift-sandboxed-containers/osc-podvm-payload-rhel9
  • *
registry.redhat.io/rhosdt/opentelemetry-rhel8-operator
  • *
openshift-serverless-1/logic-data-index-ephemeral-rhel8
  • *
registry.redhat.io/rhosdt/opentelemetry-collector-rhel8
  • *
openshift-serverless-1/logic-data-index-postgresql-rhel8
  • *
openshift-serverless-1/logic-jobs-service-ephemeral-rhel8
  • *
openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9
  • *
openshift-serverless-1/logic-jobs-service-postgresql-rhel8
  • *
openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8
  • *
registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8
  • *
registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9
  • *
registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9
  • *
registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9
  • *
registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9
  • *

Matching in nixpkgs

pkgs.pam

Pluggable Authentication Modules, a flexible mechanism for authenticating user

  • nixos-unstable -

pkgs.ipam

Cli based IPAM written in Go with PowerDNS support

pkgs.opam

Package manager for OCaml

  • nixos-unstable -

pkgs.paml

Phylogenetic Analysis by Maximum Likelihood (PAML)

  • nixos-unstable -

pkgs.dspam

Community Driven Antispam Filter

  • nixos-unstable -

pkgs.pamix

Pulseaudio terminal mixer

  • nixos-unstable -

pkgs.rspamd

Advanced spam filtering system

  • nixos-unstable -

pkgs.openpam

Open source PAM library that focuses on simplicity, correctness, and cleanliness

pkgs.pam_p11

Authentication with PKCS#11 modules

  • nixos-unstable -

pkgs.pam_u2f

PAM module for allowing authentication with a U2F device

  • nixos-unstable -

pkgs.pamixer

Pulseaudio command line mixer

  • nixos-unstable -

pkgs.pam_krb5

PAM module allowing PAM-aware applications to authenticate users by performing an AS exchange with a Kerberos KDC

pkgs.pam_rssh

PAM module for authenticating via ssh-agent, written in Rust

  • nixos-unstable -

pkgs.linux-pam

Pluggable Authentication Modules, a flexible mechanism for authenticating user

  • nixos-unstable -

pkgs.ncpamixer

Terminal mixer for PulseAudio inspired by pavucontrol

  • nixos-unstable -

pkgs.opam2json

Convert opam file syntax to JSON

  • nixos-unstable -

pkgs.pam_gnupg

Unlock GnuPG keys on login

  • nixos-unstable -

pkgs.pam_mount

PAM module to mount volumes for a user session

  • nixos-unstable -

pkgs.pam_mysql

PAM authentication module against a MySQL database

pkgs.pam_pgsql

Support to authenticate against PostgreSQL for PAM-enabled appliations

pkgs.pamtester

Utility program to test the PAM facility

  • nixos-unstable -

pkgs.pam_ccreds

PAM module to locally authenticate using an enterprise identity when the network is unavailable

  • nixos-unstable -
    • nixpkgs-unstable 10

pkgs.pam_mktemp

PAM for login service to provide per-user private directories

  • nixos-unstable -

pkgs.pam_rundir

Provide user runtime directory on Linux systems

  • nixos-unstable -

pkgs.pam_tmpdir

PAM module for creating safe per-user temporary directories

  • nixos-unstable -

pkgs.apparmor-pam

Mandatory access control system - PAM service

  • nixos-unstable -

pkgs.opam-publish

Tool to ease contributions to opam repositories

  • nixos-unstable -

pkgs.pam-reattach

Reattach to the user's GUI session on macOS during authentication (for Touch ID support in tmux)

  • nixos-unstable -

pkgs.nss_pam_ldapd

LDAP identity and authentication for NSS/PAM

  • nixos-unstable -

pkgs.opam-installer

Handle (un)installation from opam install files

  • nixos-unstable -

pkgs.pam-honeycreds

PAM module that sends warnings when fake passwords are used

  • nixos-unstable -

pkgs.rspamd-trainer

Grabs messages from a spam mailbox via IMAP and feeds them to Rspamd for training

Package maintainers

Permalink CVE-2024-10963
created 4 months, 3 weeks ago
Pam: improper hostname interpretation in pam_access leads to access control bypass

A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control.

Affected products

pam
  • <1.7.0
  • ==1.5.1
  • *
  • ==1.3.1
rhcos
  • *
odh-rhel8-operator
odh-dashboard-rhel8
odh-modelmesh-rhel8
odh-operator-bundle
odh-mm-rest-proxy-rhel8
odh-model-registry-rhel8
rhoai/odh-dashboard-rhel8
  • *
odh-kueue-controller-rhel8
odh-mlmd-grpc-server-rhel8
odh-model-controller-rhel8
odh-trustyai-service-rhel8
odh-training-operator-rhel8
odh-codeflare-operator-rhel8
odh-ml-pipelines-driver-rhel8
odh-notebook-controller-rhel8
odh-ml-pipelines-launcher-rhel8
odh-kf-notebook-controller-rhel8
odh-model-registry-operator-rhel8
odh-modelmesh-runtime-adapter-rhel8
odh-trustyai-service-operator-rhel8
odh-ml-pipelines-api-server-v2-rhel8
odh-kuberay-operator-controller-rhel8
odh-modelmesh-serving-controller-rhel8
odh-ml-pipelines-persistenceagent-v2-rhel8
odh-ml-pipelines-scheduledworkflow-v2-rhel8
registry.redhat.io/rhoai/odh-dashboard-rhel8
  • *
odh-data-science-pipelines-argo-argoexec-rhel8
odh-data-science-pipelines-operator-controller-rhel8
odh-data-science-pipelines-argo-workflowcontroller-rhel8

Matching in nixpkgs

pkgs.pam

Pluggable Authentication Modules, a flexible mechanism for authenticating user

  • nixos-unstable -

pkgs.ipam

Cli based IPAM written in Go with PowerDNS support

pkgs.opam

Package manager for OCaml

  • nixos-unstable -

pkgs.paml

Phylogenetic Analysis by Maximum Likelihood (PAML)

  • nixos-unstable -

pkgs.dspam

Community Driven Antispam Filter

  • nixos-unstable -

pkgs.pamix

Pulseaudio terminal mixer

  • nixos-unstable -

pkgs.rspamd

Advanced spam filtering system

  • nixos-unstable -

pkgs.openpam

Open source PAM library that focuses on simplicity, correctness, and cleanliness

pkgs.pam_p11

Authentication with PKCS#11 modules

  • nixos-unstable -

pkgs.pam_u2f

PAM module for allowing authentication with a U2F device

  • nixos-unstable -

pkgs.pamixer

Pulseaudio command line mixer

  • nixos-unstable -

pkgs.pam_krb5

PAM module allowing PAM-aware applications to authenticate users by performing an AS exchange with a Kerberos KDC

pkgs.pam_rssh

PAM module for authenticating via ssh-agent, written in Rust

  • nixos-unstable -

pkgs.linux-pam

Pluggable Authentication Modules, a flexible mechanism for authenticating user

  • nixos-unstable -

pkgs.ncpamixer

Terminal mixer for PulseAudio inspired by pavucontrol

  • nixos-unstable -

pkgs.opam2json

Convert opam file syntax to JSON

  • nixos-unstable -

pkgs.pam_gnupg

Unlock GnuPG keys on login

  • nixos-unstable -

pkgs.pam_mount

PAM module to mount volumes for a user session

  • nixos-unstable -

pkgs.pam_mysql

PAM authentication module against a MySQL database

pkgs.pam_pgsql

Support to authenticate against PostgreSQL for PAM-enabled appliations

pkgs.pamtester

Utility program to test the PAM facility

  • nixos-unstable -

pkgs.pam_ccreds

PAM module to locally authenticate using an enterprise identity when the network is unavailable

  • nixos-unstable -
    • nixpkgs-unstable 10

pkgs.pam_mktemp

PAM for login service to provide per-user private directories

  • nixos-unstable -

pkgs.pam_rundir

Provide user runtime directory on Linux systems

  • nixos-unstable -

pkgs.pam_tmpdir

PAM module for creating safe per-user temporary directories

  • nixos-unstable -

pkgs.apparmor-pam

Mandatory access control system - PAM service

  • nixos-unstable -

pkgs.opam-publish

Tool to ease contributions to opam repositories

  • nixos-unstable -

pkgs.pam-reattach

Reattach to the user's GUI session on macOS during authentication (for Touch ID support in tmux)

  • nixos-unstable -

pkgs.nss_pam_ldapd

LDAP identity and authentication for NSS/PAM

  • nixos-unstable -

pkgs.opam-installer

Handle (un)installation from opam install files

  • nixos-unstable -

pkgs.pam-honeycreds

PAM module that sends warnings when fake passwords are used

  • nixos-unstable -

pkgs.rspamd-trainer

Grabs messages from a spam mailbox via IMAP and feeds them to Rspamd for training

Package maintainers

Permalink CVE-2024-10041
created 4 months, 3 weeks ago
Pam: libpam: libpam vulnerable to read hashed password

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.

Affected products

pam
  • *
  • <1.6.0

Matching in nixpkgs

pkgs.pam

Pluggable Authentication Modules, a flexible mechanism for authenticating user

  • nixos-unstable -

pkgs.ipam

Cli based IPAM written in Go with PowerDNS support

pkgs.opam

Package manager for OCaml

  • nixos-unstable -

pkgs.paml

Phylogenetic Analysis by Maximum Likelihood (PAML)

  • nixos-unstable -

pkgs.dspam

Community Driven Antispam Filter

  • nixos-unstable -

pkgs.pamix

Pulseaudio terminal mixer

  • nixos-unstable -

pkgs.rspamd

Advanced spam filtering system

  • nixos-unstable -

pkgs.openpam

Open source PAM library that focuses on simplicity, correctness, and cleanliness

pkgs.pam_p11

Authentication with PKCS#11 modules

  • nixos-unstable -

pkgs.pam_u2f

PAM module for allowing authentication with a U2F device

  • nixos-unstable -

pkgs.pamixer

Pulseaudio command line mixer

  • nixos-unstable -

pkgs.pam_krb5

PAM module allowing PAM-aware applications to authenticate users by performing an AS exchange with a Kerberos KDC

pkgs.pam_rssh

PAM module for authenticating via ssh-agent, written in Rust

  • nixos-unstable -

pkgs.linux-pam

Pluggable Authentication Modules, a flexible mechanism for authenticating user

  • nixos-unstable -

pkgs.ncpamixer

Terminal mixer for PulseAudio inspired by pavucontrol

  • nixos-unstable -

pkgs.opam2json

Convert opam file syntax to JSON

  • nixos-unstable -

pkgs.pam_gnupg

Unlock GnuPG keys on login

  • nixos-unstable -

pkgs.pam_mount

PAM module to mount volumes for a user session

  • nixos-unstable -

pkgs.pam_mysql

PAM authentication module against a MySQL database

pkgs.pam_pgsql

Support to authenticate against PostgreSQL for PAM-enabled appliations

pkgs.pamtester

Utility program to test the PAM facility

  • nixos-unstable -

pkgs.pam_ccreds

PAM module to locally authenticate using an enterprise identity when the network is unavailable

  • nixos-unstable -
    • nixpkgs-unstable 10

pkgs.pam_mktemp

PAM for login service to provide per-user private directories

  • nixos-unstable -

pkgs.pam_rundir

Provide user runtime directory on Linux systems

  • nixos-unstable -

pkgs.pam_tmpdir

PAM module for creating safe per-user temporary directories

  • nixos-unstable -

pkgs.apparmor-pam

Mandatory access control system - PAM service

  • nixos-unstable -

pkgs.opam-publish

Tool to ease contributions to opam repositories

  • nixos-unstable -

pkgs.pam-reattach

Reattach to the user's GUI session on macOS during authentication (for Touch ID support in tmux)

  • nixos-unstable -

pkgs.nss_pam_ldapd

LDAP identity and authentication for NSS/PAM

  • nixos-unstable -

pkgs.opam-installer

Handle (un)installation from opam install files

  • nixos-unstable -

pkgs.pam-honeycreds

PAM module that sends warnings when fake passwords are used

  • nixos-unstable -

pkgs.rspamd-trainer

Grabs messages from a spam mailbox via IMAP and feeds them to Rspamd for training

Package maintainers