CVE-2009-3232 Information
Share on:
Feb 14, 2021
cve
Description
pam-auth-update for PAM as used in Ubuntu 8.10 and 9.4 and Debian GNU/Linux does not properly handle an \empty selection\ for system authentication modules in certain rare configurations which causes any attempt to be successful and allows remote attackers to bypass authentication.
Reference
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519927 http://secunia.com/advisories/36620 http://www.openwall.com/lists/oss-security/2009/09/08/7 http://www.securityfocus.com/bid/36306 https://launchpad.net/bugs/410171 https://usn.ubuntu.com/828-1/