QwikSec

Security Database

CVE

CWE

Training

CVE-2009-0887

Published: Mar 12, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to obtain login access with a different user's non-ASCII username, via a login attempt.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/libpam/pam_misc.c?r1=1.9&amp%3Br2=1.10&amp%3Bview=patch

x_refsource_CONFIRM

vendor-advisory

x_refsource_MANDRIVA

[oss-security] 20090305 CVE Request -- pam

mailing-list

x_refsource_MLIST

FEDORA-2009-3204

vendor-advisory

x_refsource_FEDORA

linuxpam-pamstrtok-priv-escalation(49110)

vdb-entry

x_refsource_XF

http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/libpam/pam_misc.c?view=log

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

FEDORA-2009-3231

vendor-advisory

x_refsource_FEDORA

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.