CVE-2018-17953

2018-11-2713:29:00

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

60.7%

JSON

A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open).

OSVersionArchitecturePackageVersionFilename
Debian12allpam< 1.5.2-6+deb12u1pam_1.5.2-6+deb12u1_all.deb
Debian11allpam< 1.4.0-9+deb11u1pam_1.4.0-9+deb11u1_all.deb
Debian999allpam< 1.5.3-7pam_1.5.3-7_all.deb
Debian13allpam< 1.5.3-7pam_1.5.3-7_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	pam	< 1.5.2-6+deb12u1	pam_1.5.2-6+deb12u1_all.deb
Debian	11	all	pam	< 1.4.0-9+deb11u1	pam_1.4.0-9+deb11u1_all.deb
Debian	999	all	pam	< 1.5.3-7	pam_1.5.3-7_all.deb
Debian	13	all	pam	< 1.5.3-7	pam_1.5.3-7_all.deb