SB2024100507 - Privilege escalation in Authd PAM module


Published: October 5, 2024 Updated: April 24, 2026

Security Bulletin ID SB2024100507
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Improper Authentication (CVE-ID: CVE-2024-9313)

CWE-ID: CWE-287 - Improper Authentication

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote, authenticated broker-managed user to impersonate other users managed by the same broker.

The vulnerability exists due to an error in the authd PAM module that can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation as that user, including authenticating as them. The module can change the PAM user in the course of the transaction, and tools such as su, sudo or ssh (and potentially others) so far do not verify that the PAM user at the end of the transaction matches the one the transaction was started for. A remote user who can authenticate through the broker can therefore obtain a session as a different broker-managed user.
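The following is an added illustration, not code from authd, libpam or any of the tools named above. It simulates the PAM transaction in plain C so it runs without libpam: the sim_ functions and the sim_pam_handle struct are stand-ins for pam_start(), pam_authenticate() and the PAM_USER item, the credentials_ok flag stands in for the broker's verdict, and the user names are constructed. It shows the application-side pattern the bulletin describes (trusting a successful pam_authenticate() without re-reading PAM_USER) next to the hardened variant that compares the final PAM_USER with the requested account.

```c
#include <stdio.h>
#include <string.h>

#define PAM_SUCCESS  0
#define PAM_AUTH_ERR 7   /* same numeric value libpam uses for PAM_AUTH_ERR */

/* Stand-in for a PAM handle; only the PAM_USER item is modelled. */
typedef struct {
    char pam_user[64];
} sim_pam_handle;

/* Stand-in for pam_start(): the application names the account it wants a
 * session for, which becomes the initial PAM_USER. */
static void sim_pam_start(sim_pam_handle *h, const char *requested_user)
{
    snprintf(h->pam_user, sizeof h->pam_user, "%s", requested_user);
}

/* Stand-in for pam_authenticate() through a broker-backed module with the
 * flaw the bulletin describes: the caller picks which broker-managed account
 * to prove (broker_user), the module verifies that account's credentials,
 * rewrites PAM_USER to it and reports success, regardless of the account the
 * application originally asked for. credentials_ok stands in for the
 * broker's answer. */
static int sim_flawed_authenticate(sim_pam_handle *h, const char *broker_user,
                                   int credentials_ok)
{
    if (!credentials_ok)
        return PAM_AUTH_ERR;
    snprintf(h->pam_user, sizeof h->pam_user, "%s", broker_user);
    return PAM_SUCCESS;
}

/* Application flow without the check (the pattern the bulletin attributes to
 * su, sudo and ssh): success from pam_authenticate() is taken as proof that
 * 'requested' authenticated. The account a session would be opened for is
 * written to 'granted'. */
static int login_without_check(const char *requested, const char *broker_user,
                               int credentials_ok, char *granted, size_t n)
{
    sim_pam_handle h;
    sim_pam_start(&h, requested);
    if (sim_flawed_authenticate(&h, broker_user, credentials_ok) != PAM_SUCCESS)
        return PAM_AUTH_ERR;
    snprintf(granted, n, "%s", requested);   /* PAM_USER is never re-read */
    return PAM_SUCCESS;
}

/* Hardened application flow: after authentication, read PAM_USER back
 * (pam_get_item(pamh, PAM_USER, ...) with real libpam) and refuse the
 * session if the module changed it to a different account. */
static int login_with_check(const char *requested, const char *broker_user,
                            int credentials_ok, char *granted, size_t n)
{
    sim_pam_handle h;
    sim_pam_start(&h, requested);
    if (sim_flawed_authenticate(&h, broker_user, credentials_ok) != PAM_SUCCESS)
        return PAM_AUTH_ERR;
    if (strcmp(h.pam_user, requested) != 0) {
        /* Authentication succeeded for someone else: deny instead of opening
         * a session for 'requested'. A real application would also log it. */
        return PAM_AUTH_ERR;
    }
    snprintf(granted, n, "%s", h.pam_user);
    return PAM_SUCCESS;
}

int main(void)
{
    char granted[64];
    /* Constructed scenario: broker user "alice" asks for a session as broker
     * user "bob" and proves only her own credentials. */
    int rc = login_without_check("bob", "alice", 1, granted, sizeof granted);
    printf("without check: rc=%d session for %s\n", rc,
           rc == PAM_SUCCESS ? granted : "(none)");
    rc = login_with_check("bob", "alice", 1, granted, sizeof granted);
    printf("with check:    rc=%d session for %s\n", rc,
           rc == PAM_SUCCESS ? granted : "(none)");
    return 0;
}
```

In the unchecked flow the session is opened for "bob" although only "alice" authenticated; the checked flow denies it and still accepts the honest case where the requested and authenticated accounts agree. Applications that deliberately allow modules to canonicalise user names need a policy for which changes are acceptable, but an unexplained change to a different account should never be silently accepted.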


Remediation

Install the update from the vendor's website.