CVE-2009-3232
EPSS 0.54%Published: 9/17/2009Modified: 4/28/2026
Also known as:DEBIAN-CVE-2009-3232
Description
pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication.
Affected packages (1)
- Debian/pamfrom 0, < 1.0.1-10