Candidate: CVE-2009-1273
PublicDate: 2009-04-08 18:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1273
Description:
 pam_ssh 1.92 and possibly other versions, as used when PAM is compiled with
 USE=ssh, generates different error messages depending on whether the
 username is valid or invalid, which makes it easier for remote attackers to
 enumerate usernames.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.gentoo.org/show_bug.cgi?id=263579
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_libpam-ssh:
upstream_libpam-ssh: needs-triage
dapper_libpam-ssh: ignored (reached end-of-life)
gutsy_libpam-ssh: needs-triage (reached end-of-life)
hardy_libpam-ssh: ignored (reached end-of-life)
intrepid_libpam-ssh: needs-triage (reached end-of-life)
jaunty_libpam-ssh: ignored (reached end-of-life)
karmic_libpam-ssh: ignored (reached end-of-life)
lucid_libpam-ssh: not-affected (1.92-7)
maverick_libpam-ssh: not-affected (1.92-7)
natty_libpam-ssh: not-affected (1.92-7)
oneiric_libpam-ssh: not-affected (1.92-7)
devel_libpam-ssh: not-affected (1.92-7)