Описание
A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open).
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | pam | Not affected | ||
| Red Hat Enterprise Linux 6 | pam | Not affected | ||
| Red Hat Enterprise Linux 7 | pam | Not affected | ||
| Red Hat Enterprise Linux 8 | pam | Not affected | ||
| Red Hat Virtualization 4 | pam | Not affected |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-284
https://bugzilla.redhat.com/show_bug.cgi?id=1652593pam: pam_access.so doesn't properly handle ip addresses and subnets filtering
EPSS
Процентиль: 62%
0.00434
Низкий
7.5 High
CVSS3
Связанные уязвимости
CVSS3: 7.5
ubuntu
около 7 лет назад
A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open).
CVSS3: 7.5
nvd
около 7 лет назад
A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open).
CVSS3: 7.5
debian
около 7 лет назад
A incorrect variable in a SUSE specific patch for pam_access rule matc ...
EPSS
Процентиль: 62%
0.00434
Низкий
7.5 High
CVSS3