Lucene search

Ubuntu.comUB:CVE-2009-0887

HistoryMar 12, 2009 - 12:00 a.m.

CVE-2009-0887

2009-03-1200:00:00

ubuntu.com

CVSS2

6.6

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:S/C:C/I:C/A:C

EPSS

0.004

Percentile

74.2%

JSON

Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c
in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file
contains non-ASCII usernames, might allow remote attackers to cause a
denial of service, and might allow remote authenticated users to obtain
login access with a different user’s non-ASCII username, via a login
attempt.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchpam< 0.99.7.1-5ubuntu6.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.04	noarch	pam	< 0.99.7.1-5ubuntu6.3	UNKNOWN

References

www.openwall.com/lists/oss-security/2009/03/05/1

launchpad.net/bugs/cve/CVE-2009-0887

nvd.nist.gov/vuln/detail/CVE-2009-0887

security-tracker.debian.org/tracker/CVE-2009-0887

ubuntu.com/security/notices/USN-1140-1

www.cve.org/CVERecord?id=CVE-2009-0887

CVSS2

6.6

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:S/C:C/I:C/A:C

EPSS

0.004

Percentile

74.2%

JSON

Related for UB:CVE-2009-0887