CVE-2009-3232

pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication.

🔗 References (12)

• cve@mitrehttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519927
• cve@mitrehttp://secunia.com/advisories/36620
• cve@mitrehttp://www.openwall.com/lists/oss-security/2009/09/08/7
• cve@mitrehttp://www.securityfocus.com/bid/36306
• cve@mitrehttps://launchpad.net/bugs/410171
• cve@mitrehttps://usn.ubuntu.com/828-1/
• af854a3a-2127-422b-91ae-364da2661108http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519927
• af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36620
• af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2009/09/08/7
• af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/36306
• af854a3a-2127-422b-91ae-364da2661108https://launchpad.net/bugs/410171
• af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/828-1/