CVEs impacting Linux Debian

book

Article ID: 140384

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Do these CVE's impact PAM version 3.3?

  •  

CVE-2019-15846  https://www.cvedetails.com/cve/CVE-2019-15846/

CVE-2019-1391

CVE-2017-11176 (Vendor: Debian & Linux; Product: Linux Kernel) https://www.cvedetails.com/cve/CVE-2017-11176/

CVE-2018-6574 (Vendor: Golang, Debian, & Redhat; Product: Go, Debian Linux, & Enterprise Linux Server)

CVE-2018-7600 (Vendor: Drupal; Product: Drupal & Debian Linux)

CVE-2018-7602 (Vendor: Drupal; Product: Drupal & Debian Linux))

 

Environment

Release : 3.3

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

None of these vulnerabilities affect PAM 3.3:

 

CVE-2019-15846  EXIM4 vulnerability - Not installed on PAM appliance

CVE-2019-1391 - Windows vulnerability - PAM not affected

CVE-2017-11176 - Affects Linux kernels 4.11.9 and older - PAM 3.3 uses a 4.14 kernel, which is not affected. PAM 3.2 is running a vulnerable kernel, but is not affected either, because the vulnerability requires the attacker to be logged in locally, which is not possible with the PAM server.

CVE-2018-6574 - Golang vulnerability - Not installed on PAM appliance

CVE-2018-7600 - Drupal vulnerability - Not installed on PAM appliance

CVE-2018-7602 - Drupal vulnerability - Not installed on PAM appliance