CVE-2009-3232

high

Description

pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any authentication attempt to succeed and allows remote attackers to bypass authentication.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519927

http://secunia.com/advisories/36620

http://www.openwall.com/lists/oss-security/2009/09/08/7

http://www.securityfocus.com/bid/36306

https://launchpad.net/bugs/410171

https://usn.ubuntu.com/828-1/

Details

Source: MITRE

Published: 2009-09-17

Updated: 2018-10-03

Type: CWE-287

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH