pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication.
References
Link | Resource |
---|---|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519927 | Issue Tracking Mailing List |
http://secunia.com/advisories/36620 | Broken Link Vendor Advisory |
http://www.openwall.com/lists/oss-security/2009/09/08/7 | Mailing List |
http://www.securityfocus.com/bid/36306 | Broken Link Patch Third Party Advisory VDB Entry |
https://launchpad.net/bugs/410171 | Issue Tracking Patch |
https://usn.ubuntu.com/828-1/ | Broken Link |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2009-09-17T10:00:00
Updated: 2018-10-03T20:57:01
Reserved: 2009-09-16T00:00:00
Link: CVE-2009-3232
JSON object: View
NVD Information
Status : Analyzed
Published: 2009-09-17T10:30:01.250
Modified: 2024-02-13T17:42:02.047
Link: CVE-2009-3232
JSON object: View
Redhat Information
No data.
CWE