CNNVD-202506-1993 Information

CNNVD ID

CNNVD-202506-1993

CVE-2025-6020

  • CNNVD Published: 2025-06-17

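Description (Chinese, translated)

Linux-pam is pluggable system authentication software for Linux from the Linux team. Linux-pam contains a security vulnerability that stems from insufficient protection when the pam_namespace module uses user-controlled paths, which may allow a local user to escalate to root privileges through symlink attacks and race conditions.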

Description (English)

Linux-pam is pluggable system authentication software for Linux. Linux-pam contains a security vulnerability that stems from inadequate protection when the pam_namespace module uses a user-controlled path, which may allow local users to escalate to root privileges through symbolic link attacks and race conditions.

Hazard Level

Medium

Vulnerability Type

Path traversal

Affected Vendor

LinuxServer.io

Published

2025-06-17

Last Modified

2026-02-24

References

  • https://access.redhat.com/security/cve/CVE-2025-6020
  • https://bugzilla.redhat.com/show_bug.cgi?id=2372512
  • http://www.openwall.com/lists/oss-security/2025/06/17/1
  • https://access.redhat.com/errata/RHSA-2025:9526
  • https://access.redhat.com/errata/RHSA-2025:14557
  • https://access.redhat.com/errata/RHSA-2025:11487
  • https://access.redhat.com/errata/RHSA-2025:11386
  • https://access.redhat.com/errata/RHSA-2025:10823
  • https://access.redhat.com/errata/RHSA-2025:10735
  • https://access.redhat.com/errata/RHSA-2025:10362
  • https://access.redhat.com/errata/RHSA-2025:10361
  • https://access.redhat.com/errata/RHSA-2025:10359
  • https://access.redhat.com/errata/RHSA-2025:10358
  • https://access.redhat.com/errata/RHSA-2025:10357
  • https://access.redhat.com/errata/RHSA-2025:10354
  • https://access.redhat.com/errata/RHSA-2025:10180
  • https://access.redhat.com/errata/RHSA-2025:10027
  • https://access.redhat.com/errata/RHSA-2025:10024
  • https://nvd.nist.gov/vuln/detail/CVE-2025-6020
  • https://access.redhat.com/security/cve/cve-2025-6020

Patch

https://github.com/linux-pam/linux-pam/releases
