CVEs impacting Linux Debian

Article Id: 140384

Status: Published

Updated On: 22-11-2019 18:24

Products:

CA Privileged Access Manager (PAM)

Issue/Introduction:

Do these CVE's impact PAM version 3.3?

CVE-2019-15846 https://www.cvedetails.com/cve/CVE-2019-15846/

CVE-2019-1391

CVE-2017-11176 (Vendor: Debian & Linux; Product: Linux Kernel) https://www.cvedetails.com/cve/CVE-2017-11176/

CVE-2018-6574 (Vendor: Golang, Debian, & Redhat; Product: Go, Debian Linux, & Enterprise Linux Server)

CVE-2018-7600 (Vendor: Drupal; Product: Drupal & Debian Linux)

CVE-2018-7602 (Vendor: Drupal; Product: Drupal & Debian Linux))

Environment:

Release : 3.3

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution:

None of these vulnerabilities affect PAM 3.3:

CVE-2019-15846 EXIM4 vulnerability - Not installed on PAM appliance

CVE-2019-1391 - Windows vulnerability - PAM not affected

CVE-2017-11176 - Affects Linux kernels 4.11.9 and older - PAM 3.3 uses a 4.14 kernel, which is not affected. PAM 3.2 is running a vulnerable kernel, but is not affected either, because the vulnerability requires the attacker to be logged in locally, which is not possible with the PAM server.

CVE-2018-6574 - Golang vulnerability - Not installed on PAM appliance

CVE-2018-7600 - Drupal vulnerability - Not installed on PAM appliance

CVE-2018-7602 - Drupal vulnerability - Not installed on PAM appliance