← back
CVE-2009-3232

CVE-2009-3232

EPSS 4.6%
pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519927http://secunia.com/advisories/36620https://launchpad.net/bugs/410171https://usn.ubuntu.com/828-1/http://www.openwall.com/lists/oss-security/2009/09/08/7http://www.securityfocus.com/bid/36306