MNBSD-2021-2: pam_login_access rules not applied correctly

Severity: Unknown

Affected Package: pam

Summary: pam_login_access rules not applied correctly

Description

A regression in login.access(5) rule processing caused access-denial rules to fail to match, so the pam_login_access module could permit login access to users even when the system was configured to deny it.

Affected Versions

pam

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2020-25580

Published: February 24, 2021
Last Modified: February 24, 2021