PT-2022-6875 · Tildeslash · Tildeslash Monit

Published: 2021-10-19 · Updated: 2024-11-26 · CVE-2022-26563

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Tildeslash Monit versions prior to 5.31.0

Description

An issue in Tildeslash Monit allows remote attackers to gain escalated privileges due to improper PAM-authorization. The vulnerability is related to the PAMcheckPasswd() function, which has weaknesses in its authorization procedure. This can be exploited by a remote attacker to elevate their privileges.

Recommendations

For versions prior to 5.31.0, update to version 5.31.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the PAMcheckPasswd() function until a patch is applied.

Fix

Incorrect Authorization

RCE

Weakness Enumeration

Related Identifiers

ALT-PU-2023-4661
ALT-PU-2023-4662
ALT-PU-2023-4975
BDU:2023-05304
BDU:2023-05306
CVE-2022-26563
ROSA-SA-2024-2524
USN-6571-1

Affected Products

Alt Linux
Debian
Linuxmint
Tildeslash Monit
Ubuntu