Authentication Bypass in PAM Used by Ubuntu and Debian
CVE-2009-3232

Currently unrated

Key Information:

Vendor: Ubuntu

CVE Published: 17 September 2009

What is CVE-2009-3232?

The pam-auth-update tool in PAM, utilized by Ubuntu versions 8.10 and 9.4, as well as various Debian GNU/Linux distributions, fails to correctly process an 'empty selection' for system authentication modules. This flaw allows remote attackers to successfully bypass authentication mechanisms in certain uncommon configurations, potentially leading to unauthorized access.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
