CVE-2018-17953

A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
Affected Products (NVD)
VendorProductVersion
kernellinux-pam
1.3.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pam
bookworm
1.5.2-6+deb12u1
fixed
bullseye
1.4.0-9+deb11u1
fixed
sid
1.5.3-7
fixed
trixie
1.5.3-7
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pam
bionic
not-affected
cosmic
not-affected
trusty
not-affected
xenial
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
pam
suse enterprise desktop 15
1.3.0-6.6.1
fixed
suse enterprise desktop 15 SP1
1.3.0-6.6.1
fixed
suse enterprise desktop 15 SP2
1.3.0-6.6.1
fixed
suse enterprise desktop 15 SP3
1.3.0-6.6.1
fixed
suse enterprise desktop 15 SP4
1.3.0-6.6.1
fixed
suse enterprise desktop 15 SP5
1.3.0-6.6.1
fixed
suse enterprise desktop 15 SP6
1.3.0-6.6.1
fixed
suse enterprise desktop 15 SP7
1.3.0-6.6.1
fixed
suse enterprise sap 15
1.3.0-6.6.1
fixed
suse enterprise sap 15 SP1
1.3.0-6.6.1
fixed
suse enterprise sap 15 SP2
1.3.0-6.6.1
fixed
suse enterprise sap 15 SP3
1.3.0-6.6.1
fixed
suse enterprise sap 15 SP4
1.3.0-6.6.1
fixed
suse enterprise sap 15 SP5
1.3.0-6.6.1
fixed
suse enterprise sap 15 SP6
1.3.0-6.6.1
fixed
suse enterprise sap 15 SP7
1.3.0-6.6.1
fixed
suse enterprise server 15
1.3.0-6.6.1
fixed
suse enterprise server 15 SP1
1.3.0-6.6.1
fixed
suse enterprise server 15 SP2
1.3.0-6.6.1
fixed
suse enterprise server 15 SP3
1.3.0-6.6.1
fixed
suse enterprise server 15 SP4
1.3.0-6.6.1
fixed
suse enterprise server 15 SP5
1.3.0-6.6.1
fixed
suse enterprise server 15 SP6
1.3.0-6.6.1
fixed
suse enterprise server 15 SP7
1.3.0-6.6.1
fixed
pam-32bit
suse enterprise desktop 15
1.3.0-6.6.1
fixed
suse enterprise desktop 15 SP1
1.3.0-6.6.1
fixed
suse enterprise desktop 15 SP2
1.3.0-6.6.1
fixed
suse enterprise desktop 15 SP3
1.3.0-6.6.1
fixed
suse enterprise desktop 15 SP4
1.3.0-6.6.1
fixed
suse enterprise desktop 15 SP5
1.3.0-6.6.1
fixed
suse enterprise desktop 15 SP6
1.3.0-6.6.1
fixed
suse enterprise desktop 15 SP7
1.3.0-6.6.1
fixed
suse enterprise sap 15
1.3.0-6.6.1
fixed
suse enterprise sap 15 SP1
1.3.0-6.6.1
fixed
suse enterprise sap 15 SP2
1.3.0-6.6.1
fixed
suse enterprise sap 15 SP3
1.3.0-6.6.1
fixed
suse enterprise sap 15 SP4
1.3.0-6.6.1
fixed
suse enterprise sap 15 SP5
1.3.0-6.6.1
fixed
suse enterprise sap 15 SP6
1.3.0-6.6.1
fixed
suse enterprise sap 15 SP7
1.3.0-6.6.1
fixed
suse enterprise server 15
1.3.0-6.6.1
fixed
suse enterprise server 15 SP1
1.3.0-6.6.1
fixed
suse enterprise server 15 SP2
1.3.0-6.6.1
fixed
suse enterprise server 15 SP3
1.3.0-6.6.1
fixed
suse enterprise server 15 SP4
1.3.0-6.6.1
fixed
suse enterprise server 15 SP5
1.3.0-6.6.1
fixed
suse enterprise server 15 SP6
1.3.0-6.6.1
fixed
suse enterprise server 15 SP7
1.3.0-6.6.1
fixed
pam-devel
suse enterprise desktop 15
1.3.0-6.6.1
fixed
suse enterprise desktop 15 SP1
1.3.0-6.6.1
fixed
suse enterprise desktop 15 SP2
1.3.0-6.6.1
fixed
suse enterprise desktop 15 SP3
1.3.0-6.6.1
fixed
suse enterprise desktop 15 SP4
1.3.0-6.6.1
fixed
suse enterprise desktop 15 SP5
1.3.0-6.6.1
fixed
suse enterprise desktop 15 SP6
1.3.0-6.6.1
fixed
suse enterprise desktop 15 SP7
1.3.0-6.6.1
fixed
suse enterprise sap 15
1.3.0-6.6.1
fixed
suse enterprise sap 15 SP1
1.3.0-6.6.1
fixed
suse enterprise sap 15 SP2
1.3.0-6.6.1
fixed
suse enterprise sap 15 SP3
1.3.0-6.6.1
fixed
suse enterprise sap 15 SP4
1.3.0-6.6.1
fixed
suse enterprise sap 15 SP5
1.3.0-6.6.1
fixed
suse enterprise sap 15 SP6
1.3.0-6.6.1
fixed
suse enterprise sap 15 SP7
1.3.0-6.6.1
fixed
suse enterprise server 15
1.3.0-6.6.1
fixed
suse enterprise server 15 SP1
1.3.0-6.6.1
fixed
suse enterprise server 15 SP2
1.3.0-6.6.1
fixed
suse enterprise server 15 SP3
1.3.0-6.6.1
fixed
suse enterprise server 15 SP4
1.3.0-6.6.1
fixed
suse enterprise server 15 SP5
1.3.0-6.6.1
fixed
suse enterprise server 15 SP6
1.3.0-6.6.1
fixed
suse enterprise server 15 SP7
1.3.0-6.6.1
fixed
pam-doc
suse enterprise desktop 15
1.3.0-6.6.1
fixed
suse enterprise desktop 15 SP1
1.3.0-6.6.1
fixed
suse enterprise desktop 15 SP2
1.3.0-6.6.1
fixed
suse enterprise desktop 15 SP3
1.3.0-6.6.1
fixed
suse enterprise desktop 15 SP4
1.3.0-6.6.1
fixed
suse enterprise desktop 15 SP5
1.3.0-6.6.1
fixed
suse enterprise desktop 15 SP6
1.3.0-6.6.1
fixed
suse enterprise desktop 15 SP7
1.3.0-6.6.1
fixed
suse enterprise sap 15
1.3.0-6.6.1
fixed
suse enterprise sap 15 SP1
1.3.0-6.6.1
fixed
suse enterprise sap 15 SP2
1.3.0-6.6.1
fixed
suse enterprise sap 15 SP3
1.3.0-6.6.1
fixed
suse enterprise sap 15 SP4
1.3.0-6.6.1
fixed
suse enterprise sap 15 SP5
1.3.0-6.6.1
fixed
suse enterprise sap 15 SP6
1.3.0-6.6.1
fixed
suse enterprise sap 15 SP7
1.3.0-6.6.1
fixed
suse enterprise server 15
1.3.0-6.6.1
fixed
suse enterprise server 15 SP1
1.3.0-6.6.1
fixed
suse enterprise server 15 SP2
1.3.0-6.6.1
fixed
suse enterprise server 15 SP3
1.3.0-6.6.1
fixed
suse enterprise server 15 SP4
1.3.0-6.6.1
fixed
suse enterprise server 15 SP5
1.3.0-6.6.1
fixed
suse enterprise server 15 SP6
1.3.0-6.6.1
fixed
suse enterprise server 15 SP7
1.3.0-6.6.1
fixed
pam-extra
suse enterprise desktop 15 SP2
1.3.0-6.16.1
fixed
suse enterprise desktop 15 SP3
1.3.0-6.29.1
fixed
suse enterprise desktop 15 SP4
1.3.0-150000.6.55.3
fixed
suse enterprise desktop 15 SP5
1.3.0-150000.6.61.1
fixed
suse enterprise desktop 15 SP6
1.3.0-150000.6.66.1
fixed
suse enterprise desktop 15 SP7
1.3.0-150000.6.76.1
fixed
suse enterprise sap 15 SP2
1.3.0-6.16.1
fixed
suse enterprise sap 15 SP3
1.3.0-6.29.1
fixed
suse enterprise sap 15 SP4
1.3.0-150000.6.55.3
fixed
suse enterprise sap 15 SP5
1.3.0-150000.6.61.1
fixed
suse enterprise sap 15 SP6
1.3.0-150000.6.66.1
fixed
suse enterprise sap 15 SP7
1.3.0-150000.6.76.1
fixed
suse enterprise server 15 SP2
1.3.0-6.16.1
fixed
suse enterprise server 15 SP3
1.3.0-6.29.1
fixed
suse enterprise server 15 SP4
1.3.0-150000.6.55.3
fixed
suse enterprise server 15 SP5
1.3.0-150000.6.61.1
fixed
suse enterprise server 15 SP6
1.3.0-150000.6.66.1
fixed
suse enterprise server 15 SP7
1.3.0-150000.6.76.1
fixed
pam-extra-32bit
suse enterprise desktop 15 SP2
1.3.0-6.16.1
fixed
suse enterprise desktop 15 SP3
1.3.0-6.29.1
fixed
suse enterprise desktop 15 SP4
1.3.0-150000.6.55.3
fixed
suse enterprise desktop 15 SP5
1.3.0-150000.6.61.1
fixed
suse enterprise desktop 15 SP6
1.3.0-150000.6.66.1
fixed
suse enterprise desktop 15 SP7
1.3.0-150000.6.76.1
fixed
suse enterprise sap 15 SP2
1.3.0-6.16.1
fixed
suse enterprise sap 15 SP3
1.3.0-6.29.1
fixed
suse enterprise sap 15 SP4
1.3.0-150000.6.55.3
fixed
suse enterprise sap 15 SP5
1.3.0-150000.6.61.1
fixed
suse enterprise sap 15 SP6
1.3.0-150000.6.66.1
fixed
suse enterprise sap 15 SP7
1.3.0-150000.6.76.1
fixed
suse enterprise server 15 SP2
1.3.0-6.16.1
fixed
suse enterprise server 15 SP3
1.3.0-6.29.1
fixed
suse enterprise server 15 SP4
1.3.0-150000.6.55.3
fixed
suse enterprise server 15 SP5
1.3.0-150000.6.61.1
fixed
suse enterprise server 15 SP6
1.3.0-150000.6.66.1
fixed
suse enterprise server 15 SP7
1.3.0-150000.6.76.1
fixed
Common Weakness Enumeration
References
https://bugzilla.suse.com/show_bug.cgi?id=1115640
https://bugzilla.suse.com/show_bug.cgi?id=1115640