Integer Signedness Error in Linux-PAM Affects User Authentication
CVE-2009-0887

Currently unrated

Key Information:

Vendor

Linux-pam

Status
Linux-pam
Vendor
CVE Published:
12 March 2009

What is CVE-2009-0887?

An integer signedness error exists in the _pam_StrTok function of Linux-PAM versions up to 1.0.3. This vulnerability is triggered when configuration files include non-ASCII usernames, potentially allowing remote attackers to induce a denial of service. Furthermore, authenticated users could exploit this flaw to gain access using another user's non-ASCII username, compromising account security and integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/libpa...
x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-20...
vendor-advisoryx_refsource_MANDRIVA
http://openwall.com/lists/oss-security/2009/03/05/1
mailing-listx_refsource_MLIST

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.