get started >

Blog
Features

Root.io Delivers Fix for Critical LibPam Vulnerability

November 26, 2024
5 min read
John Amaral

The Vulnerability (CVE-2024-10963)

Our Root Labs team has been tracking an important HIGH  (CVSS score of 7.4) security vulnerability in LibPam (Pluggable Authentication Modules) that compromises access control mechanisms. It was formally reported through NVD on November 7, 2024. The flaw (tracked as Bugzilla 2324291) allows attackers to bypass local access restrictions through hostname spoofing:

  • Attack Vector: Attackers with root privileges on networked devices can impersonate trusted service names
  • Impact: Bypass of access controls intended for specific local TTYs or services
  • Risk Level: Important severity (CWE-287: Improper Authentication)
  • Affected Systems: Environments using access.conf for service or terminal access control

This vulnerability puts millions of Linux systems at risk, especially those relying on access.conf configurations for access control.

Technical Impact

The vulnerability is particularly concerning because:

  • It requires minimal effort to exploit
  • Attackers can bypass security policies that rely on access.conf configurations
  • Local TTY and service name restrictions can be circumvented through DNS hostname spoofing

Current Patch Status

The vulnerability continues to affect multiple major Linux distributions:

Immediate Protection with Root.io

While some distributions are still working on their patches:

Root.io has already implemented a fix and made it available through our automated image patching service.

Our solution provides:

  • Patches for immediate protection against CVE-2024-10963 for any Debian Bookworm-based image
  • Seamless integration into CI/CD pipelines for real-time patching
  • Patches for other lib-pam CVEs
  • Continuous monitoring for new vulnerabilities
  • Additional updates and security patches as new vulnerabilities emerge

Root.io delivers zero-downtime protection by surgically remediating vulnerabilities directly in your Docker images, without requiring base image rebuilds or disrupting workflows.

Recommended Actions

For immediate protection:

  1. Sign up for a Root.io account at www.root.io
  2. Run your Debian-bookworm based image through our automatic patching service.
  3. Get your fully patched and secured image back. (Including a patch for CVE-2024-10963)
  4. Deploy with confidence, knowing you're protected.
  5. Watch your Critical and High vulnerabilities go to Zero.

For systems not yet using Root.io:

  • Verify no DNS hostname matches local TTY or service names in pam_access
  • Enable DNSSEC to prevent DNS response spoofing
  • Configure pam_access to accept only fully qualified domain names (FQDNs) in access.conf
  • Monitor vendor security announcements for official patches.

These manual steps are crucial but time-consuming. Root.io simplifies this process, offering instant remediation and protection against CVE-2024-10963 with no effort required on your end.

➡️ Visit www.root.io now for immediate protection against CVE-2024-10963 ⬅️

Unleash Simplicity in Container Security


Discover the power of automated container vulnerability management.
Get Started