Test ID:	1.3.6.1.4.1.25623.1.1.2.2025.1278
Category:	Huawei EulerOS Local Security Checks
Title:	Huawei EulerOS: Security Advisory for pam (EulerOS-SA-2025-1278)
Summary:	The remote host is missing an update for the Huawei EulerOS 'pam' package(s) announced via the EulerOS-SA-2025-1278 advisory.
Description:	Summary: The remote host is missing an update for the Huawei EulerOS 'pam' package(s) announced via the EulerOS-SA-2025-1278 advisory. Vulnerability Insight: A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.(CVE-2024-10963) A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.(CVE-2024-10041) Affected Software/OS: 'pam' package(s) on Huawei EulerOS V2.0SP9. Solution: Please install the updated package(s). CVSS Score: 7.1 CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2024-10041 Common Vulnerability Exposure (CVE) ID: CVE-2024-10963
Copyright	Copyright (C) 2025 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.