CVE-2009-3232

Canonical Ubuntu Linux - Authentication Bypass

Title source: rule

Description

pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication.

References (6)

[Issue Tracking, Mailing List] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519927

[Broken Link, Vendor Advisory] http://secunia.com/advisories/36620

[Mailing List] http://www.openwall.com/lists/oss-security/2009/09/08/7

[Broken Link, Patch, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/36306

[Issue Tracking, Patch] https://launchpad.net/bugs/410171

[Broken Link] https://usn.ubuntu.com/828-1/

Scores

EPSS 0.0054

EPSS Percentile 67.3%

Classification

CWE

CWE-287

Status draft

Affected Products (2)

canonical/ubuntu_linux

canonical/ubuntu_linux

Timeline

Published Sep 17, 2009

Tracked Since Feb 18, 2026