Your submission was sent successfully! Close

CVE-2009-3232

Published: 17 September 2009

pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication.

Priority

Medium

Status

Package Release Status
pam
Launchpad, Ubuntu, Debian
dapper Not vulnerable

hardy Not vulnerable

intrepid
Released (1.0.1-4ubuntu5.6)
jaunty
Released (1.0.1-9ubuntu1.1)
upstream
Released (1.0.1-10)