SecuritySpace - CVE-2022-28321

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2022-28321

Description: The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream.

Test IDs: 1.3.6.1.4.1.25623.1.1.12.2023.5825.2 1.3.6.1.4.1.25623.1.1.12.2023.5825.1

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2022-28321
http://download.opensuse.org/source/distribution/openSUSE-current/repo/oss/src/
https://bugzilla.suse.com/show_bug.cgi?id=1197654
https://www.suse.com/security/cve/CVE-2022-28321.html

CVE ID:	CVE-2022-28321
Description:	The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream.
Test IDs:	1.3.6.1.4.1.25623.1.1.12.2023.5825.2 1.3.6.1.4.1.25623.1.1.12.2023.5825.1
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2022-28321 http://download.opensuse.org/source/distribution/openSUSE-current/repo/oss/src/ https://bugzilla.suse.com/show_bug.cgi?id=1197654 https://www.suse.com/security/cve/CVE-2022-28321.html