Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-3232

pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication.

Published

2009-09-17T10:30:01.250

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Primary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	canonical	ubuntu_linux	8.10	Yes
Operating System	canonical	ubuntu_linux	9.04	Yes

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519927 Issue Tracking, Mailing List ([email protected])
http://secunia.com/advisories/36620 Broken Link, Vendor Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2009/09/08/7 Mailing List ([email protected])
http://www.securityfocus.com/bid/36306 Broken Link, Patch, Third Party Advisory, VDB Entry ([email protected])
https://launchpad.net/bugs/410171 Issue Tracking, Patch ([email protected])
https://usn.ubuntu.com/828-1/ Broken Link ([email protected])
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519927 Issue Tracking, Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/36620 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2009/09/08/7 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/36306 Broken Link, Patch, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://launchpad.net/bugs/410171 Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/828-1/ Broken Link (af854a3a-2127-422b-91ae-364da2661108)