pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication.
References
Link | Resource |
---|---|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519927 | Issue Tracking Mailing List |
http://secunia.com/advisories/36620 | Broken Link Vendor Advisory |
http://www.openwall.com/lists/oss-security/2009/09/08/7 | Mailing List |
http://www.securityfocus.com/bid/36306 | Broken Link Patch Third Party Advisory VDB Entry |
https://launchpad.net/bugs/410171 | Issue Tracking Patch |
https://usn.ubuntu.com/828-1/ | Broken Link |
Configurations
Configuration 1 (hide)
|
History
13 Feb 2024, 17:42
Type | Values Removed | Values Added |
---|---|---|
First Time |
Canonical ubuntu Linux
Canonical |
|
References | () http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519927 - Issue Tracking, Mailing List | |
References | () http://secunia.com/advisories/36620 - Broken Link, Vendor Advisory | |
References | () http://www.openwall.com/lists/oss-security/2009/09/08/7 - Mailing List | |
References | () http://www.securityfocus.com/bid/36306 - Broken Link, Patch, Third Party Advisory, VDB Entry | |
References | () https://launchpad.net/bugs/410171 - Issue Tracking, Patch | |
References | () https://usn.ubuntu.com/828-1/ - Broken Link | |
CPE | cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:* cpe:2.3:o:ubuntu:ubuntu_linux:8.10:*:*:*:*:*:*:* |
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:* |
Information
Published : 2009-09-17 10:30
Updated : 2024-02-13 17:42
NVD link : CVE-2009-3232
Mitre link : CVE-2009-3232
CVE.ORG link : CVE-2009-3232
JSON object : View
Products Affected
canonical
- ubuntu_linux
CWE
CWE-287
Improper Authentication