CVE-2024-10963: 
Rocky Linux vulnerability analysis and mitigation

A flaw was found in pamaccess (CVE-2024-10963), where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability was discovered in November 2024 and affects the Pluggable Authentication Modules (PAM) system, specifically impacting systems that rely on pamaccess for controlling access to services or terminals (NVD, Red Hat).

The vulnerability exists in the pam_access module where it incorrectly interprets local access.conf rules as remote hostnames. This flaw was introduced in version 1.5.3 and affects the authentication mechanism. The issue has a CVSS v3.1 base score of 7.4 (High), with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N (Ubuntu, NVD).

This vulnerability allows attackers to bypass access restrictions by spoofing hostnames, potentially gaining unauthorized access to systems. The issue compromises configurations intended to restrict local access only, affecting systems that rely on pam_access feature to control who can access certain services or terminals (Red Hat).

A fix has been released that introduces a new option called 'nodns' that reverts behavior to pre-1.5.3 and safely allows tty/service names in access.conf. Updates are available for various versions of Red Hat Enterprise Linux and OpenShift Container Platform. Users are advised to upgrade to the patched versions (Ubuntu, Red Hat).