Lucene search
Copyright (C) 2009 E-Soft Inc.OPENVAS:136141256231063648HistoryMar 31, 2009 - 12:00 a.m.
Mandrake Security Advisory MDVSA-2009:077 (pam)
2009-03-3100:00:00
Copyright (C) 2009 E-Soft Inc.
plugins.openvas.org
6
CVSS2
6.6
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:S/C:C/I:C/A:C
AI Score
6.4
Confidence
Low
EPSS
0.004
Percentile
74.2%
The remote host is missing an update to pam
announced via advisory MDVSA-2009:077.
# SPDX-FileCopyrightText: 2009 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.63648");
script_version("2023-07-18T05:05:36+0000");
script_tag(name:"last_modification", value:"2023-07-18 05:05:36 +0000 (Tue, 18 Jul 2023)");
script_tag(name:"creation_date", value:"2009-03-31 19:20:21 +0200 (Tue, 31 Mar 2009)");
script_cve_id("CVE-2009-0887");
script_tag(name:"cvss_base", value:"6.6");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:S/C:C/I:C/A:C");
script_name("Mandrake Security Advisory MDVSA-2009:077 (pam)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 E-Soft Inc.");
script_family("Mandrake Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/rpms", re:"ssh/login/release=MNDK_(2008\.0|2008\.1|2009\.0|3\.0|4\.0|2\.0)");
script_tag(name:"insight", value:"A security vulnerability has been identified and fixed in pam:
Integer signedness error in the _pam_StrTok function in
libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a
configuration file contains non-ASCII usernames, might allow remote
attackers to cause a denial of service, and might allow remote
authenticated users to obtain login access with a different user's
non-ASCII username, via a login attempt (CVE-2009-0887).
The updated packages have been patched to prevent this.
Additionally some development packages were missing that are required
to build pam for CS4, these are also provided with this update.
Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0");
script_tag(name:"solution", value:"To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.");
script_xref(name:"URL", value:"https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:077");
script_tag(name:"summary", value:"The remote host is missing an update to pam
announced via advisory MDVSA-2009:077.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
res = "";
report = "";
if ((res = isrpmvuln(pkg:"libpam0", rpm:"libpam0~0.99.8.1~6.1mdv2008.0", rls:"MNDK_2008.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libpam-devel", rpm:"libpam-devel~0.99.8.1~6.1mdv2008.0", rls:"MNDK_2008.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"pam", rpm:"pam~0.99.8.1~6.1mdv2008.0", rls:"MNDK_2008.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"pam-doc", rpm:"pam-doc~0.99.8.1~6.1mdv2008.0", rls:"MNDK_2008.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64pam0", rpm:"lib64pam0~0.99.8.1~6.1mdv2008.0", rls:"MNDK_2008.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64pam-devel", rpm:"lib64pam-devel~0.99.8.1~6.1mdv2008.0", rls:"MNDK_2008.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libpam0", rpm:"libpam0~0.99.8.1~8.1mdv2008.1", rls:"MNDK_2008.1")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libpam-devel", rpm:"libpam-devel~0.99.8.1~8.1mdv2008.1", rls:"MNDK_2008.1")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"pam", rpm:"pam~0.99.8.1~8.1mdv2008.1", rls:"MNDK_2008.1")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"pam-doc", rpm:"pam-doc~0.99.8.1~8.1mdv2008.1", rls:"MNDK_2008.1")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64pam0", rpm:"lib64pam0~0.99.8.1~8.1mdv2008.1", rls:"MNDK_2008.1")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64pam-devel", rpm:"lib64pam-devel~0.99.8.1~8.1mdv2008.1", rls:"MNDK_2008.1")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libpam0", rpm:"libpam0~0.99.8.1~16.1mdv2009.0", rls:"MNDK_2009.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libpam-devel", rpm:"libpam-devel~0.99.8.1~16.1mdv2009.0", rls:"MNDK_2009.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"pam", rpm:"pam~0.99.8.1~16.1mdv2009.0", rls:"MNDK_2009.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"pam-doc", rpm:"pam-doc~0.99.8.1~16.1mdv2009.0", rls:"MNDK_2009.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64pam0", rpm:"lib64pam0~0.99.8.1~16.1mdv2009.0", rls:"MNDK_2009.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64pam-devel", rpm:"lib64pam-devel~0.99.8.1~16.1mdv2009.0", rls:"MNDK_2009.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libpam0", rpm:"libpam0~0.77~12.2.C30mdk", rls:"MNDK_3.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libpam0-devel", rpm:"libpam0-devel~0.77~12.2.C30mdk", rls:"MNDK_3.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"pam", rpm:"pam~0.77~12.2.C30mdk", rls:"MNDK_3.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"pam-doc", rpm:"pam-doc~0.77~12.2.C30mdk", rls:"MNDK_3.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64pam0", rpm:"lib64pam0~0.77~12.2.C30mdk", rls:"MNDK_3.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64pam0-devel", rpm:"lib64pam0-devel~0.77~12.2.C30mdk", rls:"MNDK_3.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"cracklib-dicts", rpm:"cracklib-dicts~2.8.3~1.1.20060mlcs4", rls:"MNDK_4.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libcrack2", rpm:"libcrack2~2.8.3~1.1.20060mlcs4", rls:"MNDK_4.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libcrack2-devel", rpm:"libcrack2-devel~2.8.3~1.1.20060mlcs4", rls:"MNDK_4.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libpam0", rpm:"libpam0~0.77~31.1.20060mlcs4", rls:"MNDK_4.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libpam0-devel", rpm:"libpam0-devel~0.77~31.1.20060mlcs4", rls:"MNDK_4.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libpwdb0", rpm:"libpwdb0~0.62~2.1.20060mlcs4", rls:"MNDK_4.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libpwdb0-devel", rpm:"libpwdb0-devel~0.62~2.1.20060mlcs4", rls:"MNDK_4.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libpwdb0-static-devel", rpm:"libpwdb0-static-devel~0.62~2.1.20060mlcs4", rls:"MNDK_4.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"pam", rpm:"pam~0.77~31.1.20060mlcs4", rls:"MNDK_4.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"pam-doc", rpm:"pam-doc~0.77~31.1.20060mlcs4", rls:"MNDK_4.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"pwdb-conf", rpm:"pwdb-conf~0.62~2.1.20060mlcs4", rls:"MNDK_4.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64crack2", rpm:"lib64crack2~2.8.3~1.1.20060mlcs4", rls:"MNDK_4.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64crack2-devel", rpm:"lib64crack2-devel~2.8.3~1.1.20060mlcs4", rls:"MNDK_4.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64pam0", rpm:"lib64pam0~0.77~31.1.20060mlcs4", rls:"MNDK_4.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64pam0-devel", rpm:"lib64pam0-devel~0.77~31.1.20060mlcs4", rls:"MNDK_4.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64pwdb0", rpm:"lib64pwdb0~0.62~2.1.20060mlcs4", rls:"MNDK_4.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64pwdb0-devel", rpm:"lib64pwdb0-devel~0.62~2.1.20060mlcs4", rls:"MNDK_4.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"lib64pwdb0-static-devel", rpm:"lib64pwdb0-static-devel~0.62~2.1.20060mlcs4", rls:"MNDK_4.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libpam0", rpm:"libpam0~0.77~12.2.C30mdk", rls:"MNDK_2.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"libpam0-devel", rpm:"libpam0-devel~0.77~12.2.C30mdk", rls:"MNDK_2.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"pam", rpm:"pam~0.77~12.2.C30mdk", rls:"MNDK_2.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"pam-doc", rpm:"pam-doc~0.77~12.2.C30mdk", rls:"MNDK_2.0")) != NULL) {
report += res;
}
if (report != "") {
security_message(data:report);
} else if (__pkg_match) {
exit(99);
}
Related
nessus
nessus
GLSA-200909-01 : Linux-PAM: Privilege escalation
2009-09-08 00:00:00
Mandriva Linux Security Advisory : pam (MDVSA-2009:077)
2009-04-23 00:00:00
Fedora 9 : pam-1.0.4-4.fc9 (2009-3231)
2009-04-15 00:00:00
prion
prion
Integer overflow
2009-03-12 15:20:00
securityvulns
securityvulns
Linux-PAM signed/unsignedconversion vulnerability
2009-03-24 00:00:00
[ MDVSA-2009:077 ] pam
2009-03-24 00:00:00
cvelist
cvelist
CVE-2009-0887
2009-03-12 15:00:00
cve
cve
CVE-2009-0887
2009-03-12 15:20:50
fedora
fedora
[SECURITY] Fedora 9 Update: pam-1.0.4-4.fc9
2009-04-14 15:58:52
[SECURITY] Fedora 10 Update: pam-1.0.4-4.fc10
2009-04-14 15:53:20
gentoo
gentoo
Linux-PAM: Privilege escalation
2009-09-07 00:00:00
openvas
openvas
Fedora Core 10 FEDORA-2009-3204 (pam)
2009-04-15 00:00:00
Fedora Core 9 FEDORA-2009-3231 (pam)
2009-04-15 00:00:00
Gentoo Security Advisory GLSA 200909-01 (pam)
2009-09-09 00:00:00
nvd
nvd
CVE-2009-0887
2009-03-12 15:20:50
debiancve
debiancve
CVE-2009-0887
2009-03-12 15:20:50
ubuntucve
ubuntucve
CVE-2009-0887
2009-03-12 00:00:00
ubuntu
ubuntu
PAM regression
2011-05-31 00:00:00
PAM vulnerabilities
2011-05-30 00:00:00
CVSS2
6.6
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:S/C:C/I:C/A:C
AI Score
6.4
Confidence
Low
EPSS
0.004
Percentile
74.2%
Related for OPENVAS:136141256231063648