CVE-2009-3232 Information

Description

pam-auth-update for PAM as used in Ubuntu 8.10 and 9.4 and Debian GNU/Linux does not properly handle an \empty selection\ for system authentication modules in certain rare configurations which causes any attempt to be successful and allows remote attackers to bypass authentication.

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519927 http://secunia.com/advisories/36620 http://www.openwall.com/lists/oss-security/2009/09/08/7 http://www.securityfocus.com/bid/36306 https://launchpad.net/bugs/410171 https://usn.ubuntu.com/828-1/