FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- login.access fails to apply rules

Affected packages
12.2 <= FreeBSD < 12.2_4
11.4 <= FreeBSD < 11.4_8

Details

VuXML ID a8654f1d-770d-11eb-b87a-901b0ef719ab
Discovery 2021-02-24
Entry 2021-02-25

Problem Description:

A regression in the login.access(5) rule processor has the effect of causing rules to fail to match even when they should not. This means that rules denying access may be ignored.

Impact:

The configuration in login.access(5) may not be applied, permitting login access to users even when the system is configured to deny it.

References

CVE Name CVE-2020-25580
FreeBSD Advisory SA-21:03.pam_login_access