CVE-2026-3184
Public on 2026-02-28
Modified on 2026-02-28
Description
Improper hostname canonicalization in util-linux login(1) when invoked with -h can modify the supplied remote hostname before setting PAM_RHOST, potentially allowing bypass of host-based PAM access control rules (e.g., pam_access) that rely on fully qualified domain names.
(Description from https://bugzilla.redhat.com/show_bug.cgi?id=2442570)
(Description from https://bugzilla.redhat.com/show_bug.cgi?id=2442570)
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | util-linux | Pending Fix | ||
| Amazon Linux 2023 | util-linux | Pending Fix |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 3.7 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N |