Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 918562 (CVE-2022-26563)

Summary: <app-admin/monit-5.32.0: PAM authentication allows login for disabled users
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: minor CC: ajak, patrick
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bitbucket.org/tildeslash/monit/commits/6ecaab1d375f33165fe98d06d92f36c949c0ea11
Whiteboard: B4 [cleanup glsa?]
Package list:
Runtime testing required: ---
Bug Depends on: 935805    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-11-25 22:25:35 UTC
CVE-2022-26563:

An issue was discovered in Tildeslash Monit before 5.31.0, allows remote attackers to gain escilated privlidges due to improper PAM-authorization.

The fix commit doesn't seem to be in any tag?
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2024-07-10 03:10:42 UTC
Not sure how 5.31 was selected as the fixed version?

~/git/monit $ git tag --contains 6ecaab1d375f33165fe98d06d92f36c949c0ea11
release-5-32-0
release-5-33-0
release-5-34-0