CVE-2009-0887 - Numeric Errors vulnerability in Linux-Pam

CVSS 6.6 - MEDIUM
Attack vector: LOCAL
Attack complexity: MEDIUM
Privileges required: SINGLE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
local
linux-pam
CWE-189
nessus

Summary

Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to obtain login access with a different user's non-ASCII username, via a login attempt.

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2009-3204.NASL
    description: Update to new minor upstream release. Minor security issue fixes and bug fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 37813
    published: 2009-04-23
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/37813
    title: Fedora 10 : pam-1.0.4-4.fc10 (2009-3204)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200909-01.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200909-01 (Linux-PAM: Privilege escalation). Marcus Granado reported that Linux-PAM does not properly handle user names that contain Unicode characters. This is related to integer signedness errors in the pam_StrTok() function in libpam/pam_misc.c. Impact: A remote attacker could exploit this vulnerability to cause a Denial of Service. A remote authenticated attacker could exploit this vulnerability to log in to a system with the account of a user that has a similar user name, but with non-ASCII characters. Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40879
    published: 2009-09-08
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/40879
    title: GLSA-200909-01 : Linux-PAM: Privilege escalation
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1140-1.NASL
    description: Marcus Granado discovered that PAM incorrectly handled configuration files with non-ASCII usernames. A remote attacker could use this flaw to cause a denial of service, or possibly obtain login access with a different user's username. This issue only affected Ubuntu 8.04 LTS. (CVE-2009-0887) It was discovered that the PAM pam_xauth, pam_env and pam_mail modules incorrectly handled dropping privileges when performing operations. A local attacker could use this flaw to read certain arbitrary files, and access other sensitive information. (CVE-2010-3316, CVE-2010-3430, CVE-2010-3431, CVE-2010-3435) It was discovered that the PAM pam_namespace module incorrectly cleaned the environment during execution of the namespace.init script. A local attacker could use this flaw to possibly gain privileges. (CVE-2010-3853) It was discovered that the PAM pam_xauth module incorrectly handled certain failures. A local attacker could use this flaw to delete certain unintended files. (CVE-2010-4706) It was discovered that the PAM pam_xauth module incorrectly verified certain file properties. A local attacker could use this flaw to cause a denial of service. (CVE-2010-4707). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 55102
    published: 2011-06-13
    reporter: Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/55102
    title: Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : pam vulnerabilities (USN-1140-1)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2009-077.NASL
    description: A security vulnerability has been identified and fixed in pam: Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to obtain login access with a different user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 36591
    published: 2009-04-23
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/36591
    title: Mandriva Linux Security Advisory : pam (MDVSA-2009:077)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2009-3231.NASL
    description: Update to new minor upstream release. Minor security issue fixes and bug fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 36156
    published: 2009-04-15
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/36156
    title: Fedora 9 : pam-1.0.4-4.fc9 (2009-3231)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1140-2.NASL
    description: USN-1140-1 fixed vulnerabilities in PAM. A regression was found that caused cron to stop working with a
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 55103
    published: 2011-06-13
    reporter: Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/55103
    title: Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : pam regression (USN-1140-2)

Statements

contributor: Tomas Hoger
last modified: 2009-03-13
organization: Red Hat
statement: Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-0887 The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/