Test Kennung:	1.3.6.1.4.1.25623.1.1.2.2025.1228
Kategorie:	Huawei EulerOS Local Security Checks
Titel:	Huawei EulerOS: Security Advisory for pam (EulerOS-SA-2025-1228)
Zusammenfassung:	The remote host is missing an update for the Huawei EulerOS 'pam' package(s) announced via the EulerOS-SA-2025-1228 advisory.
Beschreibung:	Summary: The remote host is missing an update for the Huawei EulerOS 'pam' package(s) announced via the EulerOS-SA-2025-1228 advisory. Vulnerability Insight: A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.(CVE-2024-10963) A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.(CVE-2024-10041) Affected Software/OS: 'pam' package(s) on Huawei EulerOS V2.0SP10. Solution: Please install the updated package(s). CVSS Score: 7.1 CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2024-10041 Common Vulnerability Exposure (CVE) ID: CVE-2024-10963
Copyright	Copyright (C) 2025 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.