CVE-2009-0887

Priority
Low
Description
Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c
in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file
contains non-ASCII usernames, might allow remote attackers to cause a
denial of service, and might allow remote authenticated users to obtain
login access with a different user's non-ASCII username, via a login
attempt.
References
Bugs
Package
Source: pam (LP Ubuntu Debian)
Upstream: released (1.0.1-10)
Patches:
Upstream: http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/libpam/pam_misc.c?r1=1.9&r2=1.9.2.1&pathrev=Linux-PAM-1_0-branch
Upstream: http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/tests/Makefile.am?r1=1.5&r2=1.5.2.1&pathrev=Linux-PAM-1_0-branch
Upstream: http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/tests/tst-pam_mkargv.c?r1=1.1&r2=1.1.2.3&pathrev=Linux-PAM-1_0-branch
More Information

Updated: 2017-08-11 23:39:37 UTC (commit 13081)