CVE-2009-0887

2009-03-1215:20:50

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

6.6

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:S/C:C/I:C/A:C

EPSS

0.004

Percentile

74.2%

JSON

Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to obtain login access with a different user’s non-ASCII username, via a login attempt.

OSVersionArchitecturePackageVersionFilename
Debian12allpam< 1.0.1-10pam_1.0.1-10_all.deb
Debian11allpam< 1.0.1-10pam_1.0.1-10_all.deb
Debian999allpam< 1.0.1-10pam_1.0.1-10_all.deb
Debian13allpam< 1.0.1-10pam_1.0.1-10_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	pam	< 1.0.1-10	pam_1.0.1-10_all.deb
Debian	11	all	pam	< 1.0.1-10	pam_1.0.1-10_all.deb
Debian	999	all	pam	< 1.0.1-10	pam_1.0.1-10_all.deb
Debian	13	all	pam	< 1.0.1-10	pam_1.0.1-10_all.deb