USN-7580-1

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/notices/USN-7580-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7580-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-7580-1
Upstream
Related
Published
2025-06-18T16:28:52.960295Z
Modified
2025-07-16T08:36:27.329547Z
Summary
pam vulnerability
Details

Olivier BAL-PETRE discovered that the PAM pamnamespace module incorrectly handled user-controlled paths. In environments where pamnamespace is used, a local attacker could possibly use this issue to escalate their privileges to root.

References

Affected packages

Ubuntu:22.04:LTS / pam

Package

Name
pam
Purl
pkg:deb/ubuntu/pam@1.4.0-11ubuntu2.6?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.0-11ubuntu2.6

Affected versions

1.*

1.3.1-5ubuntu11
1.4.0-10ubuntu1
1.4.0-10ubuntu2
1.4.0-11ubuntu1
1.4.0-11ubuntu2
1.4.0-11ubuntu2.1
1.4.0-11ubuntu2.3
1.4.0-11ubuntu2.4
1.4.0-11ubuntu2.5

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "1.4.0-11ubuntu2.6",
            "binary_name": "libpam-cracklib"
        },
        {
            "binary_version": "1.4.0-11ubuntu2.6",
            "binary_name": "libpam-cracklib-dbgsym"
        },
        {
            "binary_version": "1.4.0-11ubuntu2.6",
            "binary_name": "libpam-doc"
        },
        {
            "binary_version": "1.4.0-11ubuntu2.6",
            "binary_name": "libpam-modules"
        },
        {
            "binary_version": "1.4.0-11ubuntu2.6",
            "binary_name": "libpam-modules-bin"
        },
        {
            "binary_version": "1.4.0-11ubuntu2.6",
            "binary_name": "libpam-modules-bin-dbgsym"
        },
        {
            "binary_version": "1.4.0-11ubuntu2.6",
            "binary_name": "libpam-modules-dbgsym"
        },
        {
            "binary_version": "1.4.0-11ubuntu2.6",
            "binary_name": "libpam-runtime"
        },
        {
            "binary_version": "1.4.0-11ubuntu2.6",
            "binary_name": "libpam0g"
        },
        {
            "binary_version": "1.4.0-11ubuntu2.6",
            "binary_name": "libpam0g-dbgsym"
        },
        {
            "binary_version": "1.4.0-11ubuntu2.6",
            "binary_name": "libpam0g-dev"
        }
    ],
    "availability": "No subscription required"
}

Ubuntu:24.04:LTS / pam

Package

Name
pam
Purl
pkg:deb/ubuntu/pam@1.5.3-5ubuntu5.4?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.3-5ubuntu5.4

Affected versions

1.*

1.5.2-6ubuntu1
1.5.2-9.1ubuntu1
1.5.2-9.1ubuntu2
1.5.2-9.1ubuntu3
1.5.3-5ubuntu3
1.5.3-5ubuntu4
1.5.3-5ubuntu5
1.5.3-5ubuntu5.1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "1.5.3-5ubuntu5.4",
            "binary_name": "libpam-doc"
        },
        {
            "binary_version": "1.5.3-5ubuntu5.4",
            "binary_name": "libpam-modules"
        },
        {
            "binary_version": "1.5.3-5ubuntu5.4",
            "binary_name": "libpam-modules-bin"
        },
        {
            "binary_version": "1.5.3-5ubuntu5.4",
            "binary_name": "libpam-modules-bin-dbgsym"
        },
        {
            "binary_version": "1.5.3-5ubuntu5.4",
            "binary_name": "libpam-modules-dbgsym"
        },
        {
            "binary_version": "1.5.3-5ubuntu5.4",
            "binary_name": "libpam-runtime"
        },
        {
            "binary_version": "1.5.3-5ubuntu5.4",
            "binary_name": "libpam0g"
        },
        {
            "binary_version": "1.5.3-5ubuntu5.4",
            "binary_name": "libpam0g-dbgsym"
        },
        {
            "binary_version": "1.5.3-5ubuntu5.4",
            "binary_name": "libpam0g-dev"
        }
    ],
    "availability": "No subscription required"
}

Ubuntu:25.04 / pam

Package

Name
pam
Purl
pkg:deb/ubuntu/pam@1.5.3-7ubuntu4.3?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.3-7ubuntu4.3

Affected versions

1.*

1.5.3-7ubuntu2
1.5.3-7ubuntu4

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "1.5.3-7ubuntu4.3",
            "binary_name": "libpam-doc"
        },
        {
            "binary_version": "1.5.3-7ubuntu4.3",
            "binary_name": "libpam-modules"
        },
        {
            "binary_version": "1.5.3-7ubuntu4.3",
            "binary_name": "libpam-modules-bin"
        },
        {
            "binary_version": "1.5.3-7ubuntu4.3",
            "binary_name": "libpam-modules-bin-dbgsym"
        },
        {
            "binary_version": "1.5.3-7ubuntu4.3",
            "binary_name": "libpam-modules-dbgsym"
        },
        {
            "binary_version": "1.5.3-7ubuntu4.3",
            "binary_name": "libpam-runtime"
        },
        {
            "binary_version": "1.5.3-7ubuntu4.3",
            "binary_name": "libpam0g"
        },
        {
            "binary_version": "1.5.3-7ubuntu4.3",
            "binary_name": "libpam0g-dbgsym"
        },
        {
            "binary_version": "1.5.3-7ubuntu4.3",
            "binary_name": "libpam0g-dev"
        }
    ],
    "availability": "No subscription required"
}