The Vulnerability (CVE-2024-10963)
Our Root Labs team has been tracking an important HIGH-severity (CVSS score of 7.4) vulnerability in libpam (Linux-PAM, Pluggable Authentication Modules) that undermines its access control mechanisms. It was formally reported through NVD on November 7, 2024. The flaw (tracked as Bugzilla 2324291) allows attackers to bypass local access restrictions through hostname spoofing:
- Attack Vector: Attackers with root privileges on networked devices can impersonate trusted service names
- Impact: Bypass of access controls intended for specific local TTYs or services
- Risk Level: Important severity (CWE-287: Improper Authentication)
- Affected Systems: Environments using access.conf for service or terminal access control
This vulnerability puts millions of Linux systems at risk, especially those relying on access.conf configurations for access control.
Technical Impact
The vulnerability is particularly concerning because:
- It requires minimal effort to exploit
- Attackers can bypass security policies that rely on access.conf configurations
- Local TTY and service name restrictions can be circumvented through DNS hostname spoofing
Current Patch Status
The vulnerability continues to affect multiple major Linux distributions:
- ⚠️ Debian lists this as vulnerable (as of December 3)
- ⚠️ Ubuntu lists this as vulnerable (as of December 3)
- ☑️ Red Hat has released patches for RHEL 8 and 9
Immediate Protection with Root.io
While some distributions are still working on their patches:
✅ Root.io has already implemented a fix and made it available through our automated image patching service.
Our solution provides:
- Patches for immediate protection against CVE-2024-10963 for any Debian Bookworm-based image
- Seamless integration into CI/CD pipelines for real-time patching
- Patches for other libpam CVEs
- Continuous monitoring for new vulnerabilities
- Additional updates and security patches as new vulnerabilities emerge
⚡ Root.io delivers zero-downtime protection by surgically remediating vulnerabilities directly in your Docker images, without requiring base image rebuilds or disrupting workflows.
Recommended Actions
For immediate protection:
- Sign up for a Root.io account at www.root.io
- Run your Debian Bookworm-based image through our automatic patching service.
- Get your fully patched and secured image back, including a patch for CVE-2024-10963.
- Deploy with confidence, knowing you're protected.
- Watch your Critical and High vulnerabilities go to Zero.
For systems not yet using Root.io:
- Verify that no DNS hostname matches a local TTY or service name listed in the pam_access configuration (access.conf)
- Enable DNSSEC to prevent DNS response spoofing
- Configure pam_access to accept only fully qualified domain names (FQDNs) in access.conf
- Monitor vendor security announcements for official patches.
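As an added illustration of the first and third checks above (this helper is not Root.io's tooling and not part of Linux-PAM), the POSIX shell script below lists the origin tokens in an access.conf-style file that are bare names, i.e. neither a pam_access keyword, an IP address or CIDR range, a domain suffix nor an FQDN, because such a token could be read either as a local TTY name or as a hostname. The sample configuration it writes is constructed for the demonstration.

```shell
#!/bin/sh
# Added audit helper; not part of Root.io's service or of Linux-PAM.
# It lists origin tokens in an access.conf-style file that are bare names:
# no dot, no colon, no slash, and not a pam_access keyword. Such a token
# can be read either as a local TTY/service name or as a hostname, which
# is the ambiguity CVE-2024-10963 concerns. Rewriting hostnames as FQDNs
# (and reviewing whatever remains) makes the intent of each rule explicit.

# Print the ambiguous origin tokens of the file given as $1, sorted, unique.
# Pipeline: strip comments; keep rules with at least three ':' fields and
# rebuild the origins field (field 3 onward) so IPv6 literals stay intact;
# split on whitespace; drop keywords and anything containing '.', ':' or '/'
# (FQDNs, domain suffixes, IPv4/IPv6, CIDR ranges, pts/N), which are unambiguous.
ambiguous_origins() {
    sed -e 's/#.*//' "$1" |
    awk -F':' 'NF >= 3 { s = $3; for (i = 4; i <= NF; i++) s = s ":" $i; print s }' |
    tr ' \t' '\n\n' |
    grep -v '^$' |
    grep -v -E '^(ALL|LOCAL|EXCEPT)$' |
    grep -v -E '[.:/]' |
    sort -u
}

# Constructed sample configuration for the demonstration only.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed access.conf sample, not taken from any real host
+ : root : tty1 tty2
+ : ops : .example.com 10.0.0.0/8 2001:db8::/32
+ : ops : build01 build02.example.com
- : ALL : ALL
EOF
}

# Stand-alone run: write the sample and report what a reviewer should inspect.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp)
    write_sample_conf "$tmp"
    echo "Bare origin tokens to review in $tmp:"
    ambiguous_origins "$tmp"
    rm -f "$tmp"
fi
```

Run it as `sh audit_access.sh --demo` to see the sample output, or call `ambiguous_origins /etc/security/access.conf` against a real file; every token it prints should be checked against the hostnames your resolvers can return.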
These manual steps are crucial but time-consuming. Root.io simplifies this process, offering instant remediation and protection against CVE-2024-10963 with no effort required on your end.
➡️ Visit www.root.io now for immediate protection against CVE-2024-10963 ⬅️