FreeBSD : FreeBSD -- login.access fails to apply rules (a8654f1d-770d-11eb-b87a-901b0ef719ab)

medium Nessus Plugin ID 146857

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

A regression in the login.access(5) rule processor causes rules to fail to match even when they should match. This means that rules denying access may be ignored.

Impact: The configuration in login.access(5) may not be applied, permitting login access to users even when the system is configured to deny it.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?701441a3

Plugin Details

Severity: Medium

ID: 146857

File Name: freebsd_pkg_a8654f1d770d11ebb87a901b0ef719ab.nasl

Version: 1.3

Type: local

Published: 2/25/2021

Updated: 4/6/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2020-25580

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:freebsd, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Settings/ParanoidReport, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 2/25/2021

Vulnerability Publication Date: 2/24/2021

Reference Information

CVE: CVE-2020-25580

FreeBSD: SA-21:03.pam_login_access