CVE-2018-17953 - A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE

CVE-2018-17953

Summary

A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open).

References

https://bugzilla.suse.com/show_bug.cgi?id=1115640

Vulnerable Configurations

cpe:2.3:a:kernel:linux-pam:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:kernel:linux-pam:1.3.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:15.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:15.0:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 09-10-2019 - 23:37)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

confirm

https://bugzilla.suse.com/show_bug.cgi?id=1115640

Last major update

09-10-2019 - 23:37

Published

27-11-2018 - 13:29

Last modified

09-10-2019 - 23:37