PT-2022-4982 · Linux Pam+2 · Linux-Pam+2

Thomas Leroy · Published 2022-03-29 · Updated 2025-05-29 · CVE-2022-28321

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux-PAM versions prior to 1.5.2-6.1

Description

The issue is related to the pam_access.so module of the Linux-PAM package, which does not correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. This can allow a user with denied access to a machine to still get access. The relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory, and it does not affect Linux-PAM upstream.

Recommendations

For Linux-PAM versions prior to 1.5.2-6.1, update to version 1.5.2-6.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the pam_access.so module until a patch is available. Avoid using the pam_access.so module for SSH logins from IP addresses that are not resolvable via DNS until the issue is resolved.

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

BDU:2022-06184
CVE-2022-28321
USN-5825-1
USN-5825-2

Affected Products

Linuxmint
Linux-Pam
Ubuntu