CVE-2024-6126
Published: 2024-07-03
Priority: P4 · Severity: low · CVSS 3.1 base score 3.2
CVSS vector: AV:L / AC:L / PR:L / UI:R / S:C / C:N / I:N / A:L
EPSS: 0.27% (17.9th percentile)
A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| agentejo | cockpit | >= 0 < 287.1-0+deb12u3 | 287.1-0+deb12u3 |
| agentejo | cockpit | >= 0 < 320-1 | 320-1 |
| agentejo | cockpit | >= 0 < 320-1 | 320-1 |
| debian | cockpit | < cockpit 287.1-0+deb12u3 (bookworm) | cockpit 287.1-0+deb12u3 (bookworm) |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 3.2 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L |
| osv | | 3.2 | LOW | |
| vendor_debian | | 3.2 | LOW | |
| vendor_redhat | | 3.2 | LOW | |
Red Hat
cockpit: Authenticated user can kill any process when enabling pam_env's user_readenv option
vendor_redhat·2024-07-03·CVSS 3.2
CVE-2024-6126 [LOW] CWE-400 cockpit: Authenticated user can kill any process when enabling pam_env's user_readenv option
A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack.
Statement: This vulnerability requires enabling the pam_env.so's "user_readenv" option. It is disabled by default in Fedora and RHEL, and marked as deprecated/unsafe. In Debian/openSUSE it is enabled by default.
Mitigation: Disable pam_env's `user_readenv` option in PAM config.
Package: cockpit (Red Hat Ent
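The Red Hat mitigation above is a one-line instruction; the script below, an added example that is not part of the advisory or of the cockpit project, shows how an administrator can verify it on a host. It scans a PAM configuration directory (default `/etc/pam.d`, assumed to be the distribution's PAM directory) for active, uncommented `pam_env.so` lines that carry `user_readenv=1`, reports each as `file:line:text`, and returns non-zero when any are found. The sample `cockpit`, `common-session` and `sshd` files it builds under a temporary directory are constructed for the demonstration and are not real configuration from any distribution; the hardened form is either `user_readenv=0` or omitting the option entirely, which is the Linux-PAM default.

```shell
#!/bin/sh
# Added example: audit PAM configuration for pam_env.so lines that enable
# user_readenv, the precondition CVE-2024-6126 depends on.
#
# audit_pam_env [DIR]
#   DIR defaults to /etc/pam.d (assumption: the host's PAM config directory).
#   Prints every offending "file:line:text"; returns 1 if any were found,
#   0 when no active pam_env.so line sets user_readenv=1.
audit_pam_env() {
    dir="${1:-/etc/pam.d}"
    found=0
    # Only uncommented lines count: '^[^#]*' refuses to skip past a '#'.
    pattern='^[^#]*pam_env\.so[^#]*user_readenv=1'
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if grep -nE "$pattern" "$f" >/dev/null 2>&1; then
            grep -nE "$pattern" "$f" | sed "s|^|$f:|"
            found=1
        fi
    done
    return $found
}

# Constructed sample directory (not real distribution files) so the audit can
# be demonstrated offline: one weak file, one commented-out weak line followed
# by the hardened default, and one file that disables the option explicitly.
make_sample() {
    d=$(mktemp -d)
    printf 'session required pam_env.so user_readenv=1\n' > "$d/cockpit"
    printf '# session required pam_env.so user_readenv=1\nsession required pam_env.so\n' \
        > "$d/common-session"
    printf 'session required pam_env.so user_readenv=0\n' > "$d/sshd"
    echo "$d"
}

# Usage: sh audit_pam_env.sh --demo   (runs against the constructed sample)
#        . ./audit_pam_env.sh && audit_pam_env   (audits the real /etc/pam.d)
if [ "${1:-}" = "--demo" ]; then
    d=$(make_sample)
    audit_pam_env "$d" || echo "user_readenv=1 is enabled in at least one file under $d"
    rm -rf "$d"
fi
```

Only the `cockpit` sample file is reported: the commented-out line in `common-session` is ignored, and `user_readenv=0` in `sshd` is the hardened setting. On a real host, remove `user_readenv=1` (or set it to `0`) on the reported lines, then re-run the audit.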
Debian
CVE-2024-6126: cockpit - A flaw was found in the cockpit package. This flaw allows an authenticated user ...
vendor_debian·2024·CVSS 3.2
CVE-2024-6126 [LOW] CVE-2024-6126: cockpit - A flaw was found in the cockpit package. This flaw allows an authenticated user ...
A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack.
Scope: local
bookworm: resolved (fixed in 287.1-0+deb12u3)
bullseye: open
forky: resolved (fixed in 320-1)
sid: resolved (fixed in 320-1)
trixie: resolved (fixed in 320-1)
OSV
CVE-2024-6126: A flaw was found in the cockpit package
osv·2024-07-03·CVSS 3.2
CVE-2024-6126 [LOW] CVE-2024-6126: A flaw was found in the cockpit package
A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack.
GHSA
GHSA-g6h4-j28x-38g5: A flaw was found in the cockpit package
ghsa_unreviewed·2024-07-03
CVE-2024-6126 [LOW] CWE-400 GHSA-g6h4-j28x-38g5: A flaw was found in the cockpit package
A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack.
No detection rules found.
No public exploits indexed.
Published: 2024-07-03