|Number of vulnerabilities||1|
Operating systems & Components / Operating system
libpam-modules (Ubuntu package)
Operating systems & Components / Operating system package or component
This security bulletin contains one medium risk vulnerability.
Exploit availability: NoDescription
The vulnerability allows a remote attacker to bypass authorization process.
The vulnerability exists due to an error within the pam_access.so module in Linux-PAM package, which does not correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. A remote attacker can bypass authorization process and login to the system via SSH from IP addresses that were not allowed to connect from.
Update the affected package pam to the latest version.Vulnerable software versions
Ubuntu: 22.10, 22.04, 20.04, 18.04, 16.04, 14.04
libpam-modules (Ubuntu package): before Ubuntu Pro (Infra-only)
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?