SUSE update for pam

1) Configuration

EUVDB-ID: #VU111387

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2025-6018

CWE-ID: CWE-16 - Configuration

Exploit availability: Yes

Description

The issue may allow a local user to escalate privileges on the system.

The issue exists due an error in the PAM configuration of openSUSE Leap 15 and SUSE Linux Enterprise 15. An unprivileged user who logs in via sshd can force the pam_env module to add arbitrary variables to PAM's environment, leading to arbitrary code execution as root. 

Mitigation

Update the affected package pam to the latest version.

Vulnerable software versions

Basesystem Module: 15-SP6 - 15-SP7

Development Tools Module: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.6

SUSE Linux Enterprise Micro: 5.1 - 5.5

SUSE Linux Enterprise Micro for Rancher: 5.2 - 5.4

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

pam-doc: before 1.3.0-150000.6.83.1

pam-extra-32bit: before 1.3.0-150000.6.83.1

pam-devel-32bit: before 1.3.0-150000.6.83.1

pam-extra-32bit-debuginfo: before 1.3.0-150000.6.83.1

pam-32bit: before 1.3.0-150000.6.83.1

pam-32bit-debuginfo: before 1.3.0-150000.6.83.1

pam-devel: before 1.3.0-150000.6.83.1

pam-debugsource: before 1.3.0-150000.6.83.1

pam-extra: before 1.3.0-150000.6.83.1

pam: before 1.3.0-150000.6.83.1

pam-extra-debuginfo: before 1.3.0-150000.6.83.1

pam-debuginfo: before 1.3.0-150000.6.83.1

CPE2.3

• cpe:2.3:o:suse:basesystem_module:15-SP6:*:*:*:*:*:*:*
• cpe:2.3:o:suse:basesystem_module:15-SP7:*:*:*:*:*:*:*
• cpe:2.3:o:suse:development_tools_module:15-SP6:*:*:*:*:*:*:*
• cpe:2.3:o:suse:development_tools_module:15-SP7:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP6:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP7:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP3:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP4:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP3:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP6:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP3:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_espos_15:SP4:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp5:LTSS:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp3:LTSS:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp4:LTSS:*:*:*:*:*:*:*
• cpe:2.3:o:suse:opensuse_leap:15.6:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP3:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_enterprise_storage:7.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_manager_retail_branch_server:4.3:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_manager_server:4.3:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_manager_proxy:4.3:*:*:*:*:*:*:*
• cpe:2.3:a:suse:pam-doc:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:pam-extra-32bit:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:pam-devel-32bit:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:pam-extra-32bit-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:pam-32bit:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:pam-32bit-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:pam-devel:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:pam-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:pam-extra:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:pam:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:pam-extra-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:pam-debuginfo:*:*:*:*:*:suse_linux:*:*

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202502013-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Improper access control

EUVDB-ID: #VU111389

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-6020

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper access restrictions within the pam_namespace module when handling user-controlled paths. A local user can use specially crafted symlinks and race conditions to execute arbitrary code as root. 

Mitigation

Update the affected package pam to the latest version.

Vulnerable software versions

Basesystem Module: 15-SP6 - 15-SP7

Development Tools Module: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.6

SUSE Linux Enterprise Micro: 5.1 - 5.5

SUSE Linux Enterprise Micro for Rancher: 5.2 - 5.4

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

pam-doc: before 1.3.0-150000.6.83.1

pam-extra-32bit: before 1.3.0-150000.6.83.1

pam-devel-32bit: before 1.3.0-150000.6.83.1

pam-extra-32bit-debuginfo: before 1.3.0-150000.6.83.1

pam-32bit: before 1.3.0-150000.6.83.1

pam-32bit-debuginfo: before 1.3.0-150000.6.83.1

pam-devel: before 1.3.0-150000.6.83.1

pam-debugsource: before 1.3.0-150000.6.83.1

pam-extra: before 1.3.0-150000.6.83.1

pam: before 1.3.0-150000.6.83.1

pam-extra-debuginfo: before 1.3.0-150000.6.83.1

pam-debuginfo: before 1.3.0-150000.6.83.1

CPE2.3

• cpe:2.3:o:suse:basesystem_module:15-SP6:*:*:*:*:*:*:*
• cpe:2.3:o:suse:basesystem_module:15-SP7:*:*:*:*:*:*:*
• cpe:2.3:o:suse:development_tools_module:15-SP6:*:*:*:*:*:*:*
• cpe:2.3:o:suse:development_tools_module:15-SP7:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP6:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP7:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP3:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP4:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP3:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP6:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP3:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_espos_15:SP4:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp5:LTSS:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp3:LTSS:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp4:LTSS:*:*:*:*:*:*:*
• cpe:2.3:o:suse:opensuse_leap:15.6:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP3:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_enterprise_storage:7.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_manager_retail_branch_server:4.3:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_manager_server:4.3:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_manager_proxy:4.3:*:*:*:*:*:*:*
• cpe:2.3:a:suse:pam-doc:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:pam-extra-32bit:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:pam-devel-32bit:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:pam-extra-32bit-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:pam-32bit:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:pam-32bit-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:pam-devel:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:pam-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:pam-extra:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:pam:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:pam-extra-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:pam-debuginfo:*:*:*:*:*:suse_linux:*:*

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202502013-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.