CVE-2009-3232
Ubuntu Linux - Improper Authentication via Empty PAM Module Selection
Title source: llmDescription
pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication.
References (6)
Core 6
Core References
Issue Tracking, Mailing List x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519927
Issue Tracking, Patch x_refsource_confirm
https://launchpad.net/bugs/410171
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36620
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/09/08/7
Broken Link, Patch, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/36306
Broken Link vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/828-1/
Scores
EPSS
0.0461
EPSS Percentile
90.5%
Details
CWE
CWE-287
Status
published
Products (2)
canonical/ubuntu_linux
8.10
canonical/ubuntu_linux
9.04
Published
Sep 17, 2009
Tracked Since
Feb 18, 2026