CVE-2009-3232
Publication date 17 September 2009
Last updated 24 July 2024
Ubuntu priority
pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an “empty selection” for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication.
Status
Package | Ubuntu Release | Status |
---|---|---|
pam | 9.04 jaunty |
Fixed 1.0.1-9ubuntu1.1
|
8.10 intrepid |
Fixed 1.0.1-4ubuntu5.6
|
|
8.04 LTS hardy |
Not affected
|
|
6.06 LTS dapper |
Not affected
|