#VU71525 Incorrect authorization in linux-pam - CVE-2022-28321

Cybersecurity Help s.r.o.

Published: 2023-01-25 | Updated: 2023-05-26

Vulnerability identifier: #VU71525

Vulnerability risk: Medium

CVSSv4.0: 5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-28321

CWE-ID: CWE-863

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
linux-pam
Other software / Other software solutions

Vendor: git.kernel.org

Description

The vulnerability allows a remote attacker to bypass authorization process.

The vulnerability exists due to an error within the pam_access.so module in Linux-PAM package, which does not correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. A remote attacker can bypass authorization process and login to the system via SSH from IP addresses that were not allowed to connect from.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

linux-pam: 1.0.0 - 1.5.1

External links
https://bugzilla.suse.com/show_bug.cgi?id=1197654
https://github.com/linux-pam/linux-pam/pull/447
https://tanzu.vmware.com/security/usn-5825-2

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

VMware Tanzu Isolation Segment update for linux-pam

Multiple vulnerabilities in Cloud Foundry Foundation cflinuxfs3

Ubuntu update for pam

Authorization bypass in Linux-PAM