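CVE-2025-24031: Segmentation fault when Ctrl-C/Ctrl-D is pressed at the PIN prompt. When a user presses Ctrl-C or Ctrl-D during the PIN entry prompt, this vulnerability causes the PAM-PKCS#11 module to crash. Although this vulnerability may not directly lead to privilege escalation, it can be used to disrupt services or may result in a denial-of-service condition. Recommendation: It is strongly recommended that users of PAM-PKCS#11 have their systems...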
pkcs11_inspect: argument /usr/bin/pkcs11_inspect is not supported by this module This update applies a patch that improves the code, and the unnecessary error messages are no longer generated. All users of pam_pkcs11 are advised to upgrade to this updated package, which fixes this bug. ...
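PAM-PKCS#11 is an open-source login module from OpenSC. PAM-PKCS#11 versions 0.6.12 and earlier contain a code issue vulnerability. It stems from improper handling of the user cancelling PIN entry, which results in a segmentation fault and may crash daemons that use PAM. References Source: github.com Link: https://github.com/OpenSC/pam_pkcs11/blob/bb2e3f3a95e44fdf44b0d5a4b377db3179021380/src/pam_...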
> smart card login is enabled and smart cards are autodetected. Even then, an
> affected "gdm-smartcard" PAM stack still needs to be in place for the
> issue to trigger. gdm-smartcard PAM stacks relying on pam_pkcs11 are
> found in the GDM repository for:
>
> - Arch Linux [22]...
4.136.1. RHBA-2012:0215 — pam_pkcs11 bug fix update An updated pam_pkcs11 package that fixes a bug is now available for Red Hat Enterprise Linux 5. The pam_pkcs11 package allows X.509 certificate-based user authentication. It provides access to the certificate and its dedicated private key...
Message-ID: <643e3e53-6d68-4a16-9933-cdb13aecea42@gmail.com>
Date: Thu, 6 Feb 2025 22:48:53 -0600
From: Jacob Bachmeyer <jcb62281@...il.com>
To: oss-security@...ts.openwall.com, Matthias Gerstner <mgerstner@...e.de>
Subject: Re: pam_pkcs11: Possible Authentication Bypass in...
02/14/2025 Modified 02/19/2025 Description Possible Authentication Bypass in Error Situations Solution(s) debian-upgrade-pam-pkcs11 References https://attackerkb.com/topics/cve-2025-24531 CVE - 2025-24531 DSA-5864-1
libpam-pkcs11_0.6.13-1_amd64.deb  150.2 KB  2025-02-09 05:47
libpam-pkcs11_0.6.13-1_arm64.deb  144.3 KB  2025-02-09 05:52
libpam-pkcs11_0.6.13-1_armel.deb  125.6 KB  2025-02-09 05:52
libpam-pkcs11_0.6.13-1_armhf.deb  130.2 KB  2025-02-09 05:47
libpam-pkcs11_0.6.13-1_i3...
I am trying to set up pam_pkcs11 using an OpenPGP card. Everything seems to work except the signature verification. Here is a snippet from the output: DEBUG:pam_pkcs11.c:618: certificate is valid and matches the user Checking signature DE...
etc/pam_pkcs11.conf.example.in # CRLs # "signature" Does a signature check to ensure that private # and public key matches # "no_signature" The only value that disables signature check Member Jakuje Feb 24, 2025 This needs to be updated also in the documentation. I initially ...