Huawei EulerOS Local Security Checks : Huawei EulerOS: Security Advisory for pam (EulerOS-SA-2025-1228)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.2.2025.1228

Categoría: Huawei EulerOS Local Security Checks

Título: Huawei EulerOS: Security Advisory for pam (EulerOS-SA-2025-1228)

Resumen: The remote host is missing an update for the Huawei EulerOS 'pam' package(s) announced via the EulerOS-SA-2025-1228 advisory.

Descripción: Summary:
The remote host is missing an update for the Huawei EulerOS 'pam' package(s) announced via the EulerOS-SA-2025-1228 advisory.

Vulnerability Insight:
A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.(CVE-2024-10963)

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.(CVE-2024-10041)

Affected Software/OS:
'pam' package(s) on Huawei EulerOS V2.0SP10.

Solution:
Please install the updated package(s).

CVSS Score:
7.1

CVSS Vector:
AV:N/AC:H/Au:N/C:C/I:C/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2024-10041
Common Vulnerability Exposure (CVE) ID: CVE-2024-10963

Copyright Copyright (C) 2025 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.2.2025.1228
Categoría:	Huawei EulerOS Local Security Checks
Título:	Huawei EulerOS: Security Advisory for pam (EulerOS-SA-2025-1228)
Resumen:	The remote host is missing an update for the Huawei EulerOS 'pam' package(s) announced via the EulerOS-SA-2025-1228 advisory.
Descripción:	Summary: The remote host is missing an update for the Huawei EulerOS 'pam' package(s) announced via the EulerOS-SA-2025-1228 advisory. Vulnerability Insight: A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.(CVE-2024-10963) A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.(CVE-2024-10041) Affected Software/OS: 'pam' package(s) on Huawei EulerOS V2.0SP10. Solution: Please install the updated package(s). CVSS Score: 7.1 CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2024-10041 Common Vulnerability Exposure (CVE) ID: CVE-2024-10963
Copyright	Copyright (C) 2025 Greenbone AG