VDB
CVE-2009-0887
CVE-2009-0887
PUBLISHED
CVSS 6.599999904632568 MEDIUM
Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to obtain login access with a different user's non-ASCII username, via a login attempt.
EPSS 0.21% · 43.8th percentile
Risk Scores
CVSS 2.0
6.599999904632568
EPSS Score
0.21%
43.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| linux-pam | linux-pam | 0, 0.99.1.0, 0.99.2.0 |
Timeline
- Mar 12, 2009 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/libpam/pam_misc.c?r1=1.9&%3Br2=1.10&%3Bview=patch url
- MDVSA-2009:077 vendor-advisory
- [oss-security] 20090305 CVE Request -- pam mailing-list
- FEDORA-2009-3204 vendor-advisory
- linuxpam-pamstrtok-priv-escalation(49110) vdb
- http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/libpam/pam_misc.c?view=log url
- 34010 vdb
- FEDORA-2009-3231 vendor-advisory
- 34733 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2009-0887 advisory
- http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/libpam/pam_misc.c?r1=1.9&r2=1.10&view=patch url