CVE-2009-3232

EUVD-2009-3215
pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
Affected Products (NVD)
VendorProductVersion
canonicalubuntu_linux
8.10
canonicalubuntu_linux
9.04
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pam
bookworm
1.5.2-6+deb12u1
fixed
bullseye
1.4.0-9+deb11u1
fixed
etch
not-affected
lenny
not-affected
sid
1.5.3-7
fixed
trixie
1.5.3-7
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pam
dapper
not-affected
hardy
not-affected
intrepid
Fixed 1.0.1-4ubuntu5.6
released
jaunty
Fixed 1.0.1-9ubuntu1.1
released
Common Weakness Enumeration
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519927
http://secunia.com/advisories/36620
http://www.openwall.com/lists/oss-security/2009/09/08/7
http://www.securityfocus.com/bid/36306
https://launchpad.net/bugs/410171
https://usn.ubuntu.com/828-1/
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519927
http://secunia.com/advisories/36620
http://www.openwall.com/lists/oss-security/2009/09/08/7
http://www.securityfocus.com/bid/36306
https://launchpad.net/bugs/410171
https://usn.ubuntu.com/828-1/