CVE-2022-28321 Before 1.5.2-6.1, the pam_access.so module didn't restrict login if a user tried to connect from an IP address that is not resolvable via DNS.

It has been reported that before the Linux-PAM package 1.5.2-6.1 for openSUSE Tumbleweed was installed on a system, an attacker with control over the network could connect to the machine via SSH and would be allowed to log in because the pam_access.so module does not check the network address of the SSH host. This could give an attacker complete control over the system. It has been reported that before the Linux-PAM package 1.5.2-6.1 for openSUSE Tumbleweed was installed on a system, an attacker with control over the network could connect to the machine via SSH and would be allowed to log in because the pam_access.so module does not check the network address of the SSH host. This could give an attacker complete control over the system. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream.

CVE-2021-28318

On January 24, 2018, it was reported that the Linux-PAM package 1.5.2-6.1 for openSUSE Tumbleweed did not properly check the network address of the SSH host during login and could allow an attacker with control over the network to log into a machine without permission. This could give an attacker complete control over the system.

CVE-2023-28321

It has been reported that before the Linux-PAM package 1.5.2-6.1 for openSUSE Tumbleweed was installed on a system, an attacker with control over the network could connect to the machine via SSH and would be allowed to log in because the pam_access.so module does not check the network address of the SSH host. This could give an attacker complete control over the system. It has been reported that before the Linux-PAM package 1.5.2-6.1 for openSUSE Tumbleweed was installed on a system, an attacker with control over the network could connect to the machine via SSH and would be allowed to log in because the pam_access.so module does not check the network address of the SSH host. This could give an attacker complete control over the system. NOTE: this issue affects all versions of Linux-PAM from 3rd party packages (such as those found in Open Build Service packages), but it does not affect any upstream release of Linux-PAM).

Vulnerability details

It has been reported that before the Linux-PAM package 1.5.2-6.1 for openSUSE Tumbleweed was installed on a system, an attacker with control over the network could connect to the machine via SSH and would be allowed to log in because the pam_access.so module does not check the network address of the SSH host. This could give an attacker complete control over the system. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream. The vulnerability was reported through Tenable's PGP key, which can be found at http://www.tenable.com/plugins/index.php?view=single&id=96469

References:

1. https://bugzilla.suse.com/CVE-2022-28321
2. http://www.openwall.com/lists/oss-security/2018/01/09/6

Outsourcing SEO can be a good idea for companies because it provides a way for brands to identify key strategic goals and then leave the complex process of meeting those goals to industry experts. There are many ways that you can target your audience on social media and Facebook ads, which is an important factor in digital marketing because it helps you reach the right people who are interested in your brand and not just anybody who will see your ad campaign.

Timeline

Published on: 09/19/2022 22:15:00 UTC
Last modified on: 09/22/2022 14:52:00 UTC

References

• https://www.suse.com/security/cve/CVE-2022-28321.html
• http://download.opensuse.org/source/distribution/openSUSE-current/repo/oss/src/
• https://bugzilla.suse.com/show_bug.cgi?id=1197654
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-28321