SB2025032541 - Multiple vulnerabilities in OpenSC pam_pkcs11

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) NULL pointer dereference (CVE-ID: CVE-2025-24031)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in pam_get_pwd. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

2) Improper authentication (CVE-ID: CVE-2025-24531)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an incorrect error handling during authentication requests. A remote attacker can bypass authentication process and gain unauthorized access to the application.

3) Improper authentication (CVE-ID: CVE-2025-24032)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the default cert_policy value is set to "none". A remote attacker can forge a token and bypass authentication process.

Remediation

Install update from vendor's website.

References

• https://github.com/OpenSC/pam_pkcs11/blob/bb2e3f3a95e44fdf44b0d5a4b377db3179021380/src/pam_pkcs11/pam_pkcs11.c#L211
• https://github.com/OpenSC/pam_pkcs11/blob/bb2e3f3a95e44fdf44b0d5a4b377db3179021380/src/pam_pkcs11/pam_pkcs11.c#L797
• https://github.com/OpenSC/pam_pkcs11/security/advisories/GHSA-wvr3-c9x3-9mff
• https://github.com/OpenSC/pam_pkcs11/security/advisories/GHSA-7mf6-rg36-qgch
• https://github.com/OpenSC/pam_pkcs11/commit/470263258d1ac59c5eade439c4d9caba0097e6e6
• https://github.com/OpenSC/pam_pkcs11/commit/b665b287ff955bbbd9539252ff9f9e2754c3fb48
• https://github.com/OpenSC/pam_pkcs11/commit/d9530167966a77115db6e885d459382a2e52ee9e
• https://github.com/OpenSC/pam_pkcs11/releases/tag/pam_pkcs11-0.6.13
• https://github.com/OpenSC/pam_pkcs11/security/advisories/GHSA-8r8p-7mgp-vf56
• https://lists.debian.org/debian-lts-announce/2025/02/msg00021.html