CVE-2026-3184
Hostname Canonicalization Flaw in util-linux login Allows Access Bypass
Publication date: 2026-04-03
Last updated on: 2026-05-01
Assigner: Red Hat, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | hardened_images | * |
| kernel | util-linux | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-289 | The product performs authentication based on the name of a resource being accessed, or the name of the actor performing the access, but it does not properly check all possible names for that resource or actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a flaw in the util-linux package, specifically in the login(1) utility when used with the -h option. The issue is improper hostname canonicalization, meaning the supplied remote hostname can be altered before it is set as PAM_RHOST.
A remote attacker can exploit this by providing a specially crafted hostname, which may bypass host-based Pluggable Authentication Modules (PAM) access control rules that depend on fully qualified domain names.
This flaw can lead to unauthorized access because the hostname used for authentication checks can be manipulated.
How can this vulnerability impact me?
The vulnerability can allow a remote attacker to bypass host-based PAM access control rules by manipulating the hostname used during login authentication.
This could result in unauthorized access to systems that rely on hostname-based authentication controls, potentially compromising system security.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows an attacker to bypass host-based PAM access control rules, potentially leading to unauthorized remote logins.
Such unauthorized access could impact compliance with standards and regulations like GDPR and HIPAA, which require strict access controls to protect sensitive data.
However, the provided information does not explicitly discuss the direct effects on compliance with these regulations.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves the login(1) utility in util-linux when invoked with the -h option, the code path that canonicalizes the supplied remote hostname before setting PAM_RHOST.
To determine whether your system is exposed, check whether login(1) is invoked with the -h option by any remote login method, such as telnet or rlogin daemons or custom wrappers.
Additionally, verify whether your PAM configuration uses host-based access control modules such as pam_access that rely on PAM_RHOST and distinguish fully qualified domain names (FQDNs) from short hostnames.
Finally, check the installed util-linux package version to determine whether it still includes the vulnerable login utility.
- Check util-linux package version: `rpm -q util-linux` (on RPM-based systems) or `dpkg -s util-linux` (on Debian-based systems).
- Inspect PAM configuration files for pam_access usage: `grep pam_access /etc/pam.d/*`.
- Check if login(1) is invoked with the -h option in remote login services or wrappers by reviewing service configurations or scripts.
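The three checks above collected into one audit script, as an added example that is not part of the advisory and not code from util-linux. It assumes the standard pam_access rule syntax (`permission:users:origins`) in access.conf and the default paths /etc/pam.d, /etc/security/access.conf and /etc/xinetd.d; the sample configuration it writes is constructed for the demo. It goes one step beyond the commands listed above: besides finding services that load pam_access, it lists which access.conf rules are hostname-based, since those are the rules whose decision depends on the value of PAM_RHOST. The fixed util-linux version is not stated on this page, so compare the reported version against your distribution's own advisory.

```shell
#!/bin/sh
# Audit helpers for the CVE-2026-3184 checks. Added example, not code from
# util-linux or from the advisory. Assumptions: standard pam_access syntax
# "permission:users:origins" in access.conf, and the default paths
# /etc/pam.d, /etc/security/access.conf, /etc/xinetd.d.

# Print the installed util-linux version (rpm or dpkg). Compare it against the
# fixed version published by your distribution; the advisory does not state one.
util_linux_version() {
    if command -v rpm >/dev/null 2>&1 && rpm -q util-linux >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}-%{RELEASE}\n' util-linux
        return 0
    fi
    if command -v dpkg-query >/dev/null 2>&1 && dpkg-query -W util-linux >/dev/null 2>&1; then
        dpkg-query -W -f '${Version}\n' util-linux
        return 0
    fi
    echo "not-installed"
    return 1
}

# List PAM service files under DIR (default /etc/pam.d) that load pam_access,
# i.e. services whose access decision can depend on PAM_RHOST.
# Returns 0 if at least one file matches, 1 otherwise (grep -l semantics).
pam_access_in_use() {
    grep -l 'pam_access' "${1:-/etc/pam.d}"/* 2>/dev/null
}

# Print access.conf rules whose origins field names a host or domain rather than
# ALL, LOCAL or an IP address/network; those are the rules a manipulated
# PAM_RHOST can influence. Heuristic: a token that is not purely numeric
# (IPv4/netmask) and not a colon-containing hex string (IPv6) counts as a name,
# so tty names used for local logins are reported too and need a manual look.
# Returns 0 if any such rule exists, 1 if none.
hostname_rules() {
    awk '
        /^[[:space:]]*#/ { next }
        {
            rest = $0
            # strip the permission and users fields; the rest is the origins list
            # (sub() instead of -F: so IPv6 origins keep their colons intact)
            if (!sub(/^[^:]*:[^:]*:/, "", rest)) next
            n = split(rest, origin, /[[:space:]]+/)
            for (i = 1; i <= n; i++) {
                o = origin[i]
                if (o == "" || o == "ALL" || o == "LOCAL" || o == "EXCEPT") continue
                if (o ~ /^[0-9.\/]+$/) continue
                if (o ~ /^[0-9A-Fa-f:.\/]+$/ && o ~ /:/) continue
                print $0
                found = 1
                break
            }
        }
        END { exit found ? 0 : 1 }
    ' "${1:-/etc/security/access.conf}"
}

# Search service definitions and wrapper scripts for remote-login daemons that
# hand the peer hostname to login(1) (telnetd, rlogind) or for explicit
# "login -h" calls. Arguments: files or directories to search.
remote_login_invocations() {
    grep -rEn 'telnetd|rlogind|login[[:space:]]+-h' "$@" 2>/dev/null
}

# Constructed sample configuration for the demo below (not real system data).
write_sample_configs() {
    mkdir -p "$1/pam.d" "$1/xinetd.d"
    printf 'account required pam_access.so\n' > "$1/pam.d/sshd"
    printf 'account required pam_unix.so\n' > "$1/pam.d/su"
    cat > "$1/access.conf" <<'EOF'
# constructed sample access.conf
+ : root : LOCAL
+ : admins : 192.168.1.0/24 2001:db8::/32
+ : deploy : build.example.com .corp.example.com
- : ALL : ALL
EOF
    printf 'service telnet\n{\n    server = /usr/sbin/in.telnetd\n}\n' > "$1/xinetd.d/telnet"
}

# Demo against the constructed sample. For a real audit call the functions with
# no arguments (or with /etc/inetd.conf /etc/xinetd.d for the last one).
sample=$(mktemp -d)
write_sample_configs "$sample"
echo "util-linux version: $(util_linux_version)"
echo "services loading pam_access:"; pam_access_in_use "$sample/pam.d"
echo "hostname-based access rules:"; hostname_rules "$sample/access.conf"
echo "remote-login invocations:"; remote_login_invocations "$sample/xinetd.d"
rm -rf "$sample"
```

Every rule that `hostname_rules` prints is one where the outcome depends on what login(1) placed in PAM_RHOST; if the list is non-empty and the util-linux version is older than your distribution's fix, the system is in the affected configuration.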
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation focuses on preventing exploitation of the hostname canonicalization flaw in the login(1) utility until a fixed util-linux package is installed.
- Avoid using remote login methods that invoke login(1) with the -h option, such as telnet or rlogin daemons, until a patch is applied.
- Review and tighten PAM access control rules, especially those relying on PAM_RHOST and hostname canonicalization, to reduce reliance on hostname-based access control.
- Apply any available patches or updates to the util-linux package that address this vulnerability.
- Consider disabling or restricting remote login services that use vulnerable login(1) invocations.