CVE-2009-0887 - Numeric Errors vulnerability in Linux-Pam
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to obtain login access with a different user's non-ASCII username, via a login attempt.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2009-3204.NASL |
description | Update to new minor upstream release. Minor security issue fixes and bug fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 37813 |
published | 2009-04-23 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/37813 |
title | Fedora 10 : pam-1.0.4-4.fc10 (2009-3204) |

NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200909-01.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200909-01 (Linux-PAM: Privilege escalation) Marcus Granado reported that Linux-PAM does not properly handle user names that contain Unicode characters. This is related to integer signedness errors in the pam_StrTok() function in libpam/pam_misc.c. Impact : A remote attacker could exploit this vulnerability to cause a Denial of Service. A remote authenticated attacker could exploit this vulnerability to log in to a system with the account of a user that has a similar user name, but with non-ASCII characters. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 40879 |
published | 2009-09-08 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/40879 |
title | GLSA-200909-01 : Linux-PAM: Privilege escalation |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-1140-1.NASL |
description | Marcus Granado discovered that PAM incorrectly handled configuration files with non-ASCII usernames. A remote attacker could use this flaw to cause a denial of service, or possibly obtain login access with a different user's username. This issue only affected Ubuntu 8.04 LTS. (CVE-2009-0887) It was discovered that the PAM pam_xauth, pam_env and pam_mail modules incorrectly handled dropping privileges when performing operations. A local attacker could use this flaw to read certain arbitrary files, and access other sensitive information. (CVE-2010-3316, CVE-2010-3430, CVE-2010-3431, CVE-2010-3435) It was discovered that the PAM pam_namespace module incorrectly cleaned the environment during execution of the namespace.init script. A local attacker could use this flaw to possibly gain privileges. (CVE-2010-3853) It was discovered that the PAM pam_xauth module incorrectly handled certain failures. A local attacker could use this flaw to delete certain unintended files. (CVE-2010-4706) It was discovered that the PAM pam_xauth module incorrectly verified certain file properties. A local attacker could use this flaw to cause a denial of service. (CVE-2010-4707). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 55102 |
published | 2011-06-13 |
reporter | Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/55102 |
title | Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : pam vulnerabilities (USN-1140-1) |

NASL family | Mandriva Local Security Checks |
NASL id | MANDRIVA_MDVSA-2009-077.NASL |
description | A security vulnerability has been identified and fixed in pam : Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to obtain login access with a different user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 36591 |
published | 2009-04-23 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/36591 |
title | Mandriva Linux Security Advisory : pam (MDVSA-2009:077) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2009-3231.NASL |
description | Update to new minor upstream release. Minor security issue fixes and bug fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 36156 |
published | 2009-04-15 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/36156 |
title | Fedora 9 : pam-1.0.4-4.fc9 (2009-3231) |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-1140-2.NASL |
description | USN-1140-1 fixed vulnerabilities in PAM. A regression was found that caused cron to stop working with a |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 55103 |
published | 2011-06-13 |
reporter | Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/55103 |
title | Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : pam regression (USN-1140-2) |
Statements
contributor | Tomas Hoger |
lastmodified | 2009-03-13 |
organization | Red Hat |
statement | Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-0887 The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ |
References
- http://openwall.com/lists/oss-security/2009/03/05/1
- http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/libpam/pam_misc.c?view=log
- http://www.securityfocus.com/bid/34010
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:077
- http://secunia.com/advisories/34733
- https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00398.html
- https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00420.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49110
- http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/libpam/pam_misc.c?r1=1.9&r2=1.10&view=patch