Описание
pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication.
Ссылки
- Issue TrackingMailing List
- Broken LinkVendor Advisory
- Mailing List
- Broken LinkPatchThird Party AdvisoryVDB Entry
- Issue TrackingPatch
- Broken Link
- Issue TrackingMailing List
- Broken LinkVendor Advisory
- Mailing List
- Broken LinkPatchThird Party AdvisoryVDB Entry
- Issue TrackingPatch
- Broken Link
Уязвимые конфигурации
Одно из
EPSS
9.3 Critical
CVSS2
Дефекты
Связанные уязвимости
pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication.
pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GN ...
pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication.
EPSS
9.3 Critical
CVSS2