CVE-2018-17953: pam_access does not handle netmask matches correctly
First published: Thu Nov 15 2018(Updated: )
A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open).
Credit: meissner@suse.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Kernel Linux-pam | =1.3.0 | |
| openSUSE Leap | =15.0 | |
| SUSE Linux Enterprise | =15.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the CVE ID of this vulnerability?
The CVE ID of this vulnerability is CVE-2018-17953.
What is the severity level of CVE-2018-17953?
The severity level of CVE-2018-17953 is critical with a CVSS score of 8.1.
Which software versions are affected by CVE-2018-17953?
The affected software versions are PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15.
What is the impact of CVE-2018-17953?
CVE-2018-17953 could lead to pam_access rules not being applied (fail open).
Is there a fix available for CVE-2018-17953?
Yes, a SUSE specific patch is available to fix the issue. Please refer to the provided reference for more information.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/severity
- agent/author
- agent/weakness
- agent/remedy
- agent/references
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- vendor/kernel
- canonical/kernel linux-pam
- version/kernel linux-pam/1.3.0
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.0
- vendor/suse
- canonical/suse linux enterprise
- version/suse linux enterprise/15.0