CVE-2017-12197

描述

It was found that libpam4j prior to 1.10 did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information.

如何修補 CVE-2017-12197

要修補 CVE-2017-12197,請將受影響套件升級到下列已修補版本。

• Debian/libpam4j—升級至 1.4-2+deb7u1 或更新版本
• —升級至 1.4-2+deb8u1 或更新版本
• —升級至 1.10 或更新版本

CVE-2017-12197 正在被利用嗎?

低 — EPSS 為 0.5%,目前沒有觀察到大規模利用活動。

受影響套件(3)

• from 0, < 1.4-2+deb7u1
• from 0, < 1.4-2+deb8u1
• from 0, < 1.10

CVSS 分數

參考連結(10)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2017-12197
• PATCHgithub.com/kohsuke/libpam4j
• WEBaccess.redhat.com/errata/RHSA-2017:2904
• WEBaccess.redhat.com/errata/RHSA-2017:2905
• WEBaccess.redhat.com/errata/RHSA-2017:2906