NVD

Id
48202  
Name
CVE-2009-0887  
Description
Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to obtain login access with a different user"s non-ASCII username, via a login attempt.  
Reject
 
CVSS Version
2  
CVSS Score
6.6  
Severity
Medium  
CVSS Base Score
6.6  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
2.7  
CVSS Vector
(AV:L/AC:M/Au:S/C:C/I:C/A:C)  
Pub Date
2017-01-07  
Published
2009-03-12  
Modified Date
2009-04-18  
Seq
2009-0887  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
242244 48202 CVE-2009-0887 [oss-security] 20090305 CVE Request -- pam  View
242245 48202 CVE-2009-0887 http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/libpam/pam_misc.c?r1=1.9&r2=1.10&view=patch  View
242246 48202 CVE-2009-0887 http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/libpam/pam_misc.c?view=log  View
242247 48202 CVE-2009-0887 MDVSA-2009:077  View
242248 48202 CVE-2009-0887 34010  View
242249 48202 CVE-2009-0887 linuxpam-pamstrtok-priv-escalation(49110)  View
242250 48202 CVE-2009-0887 FEDORA-2009-3204  View
242251 48202 CVE-2009-0887 FEDORA-2009-3231  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
40475 JVNDB-2009-001481 Linux-PAM (別名 pam) の _pam_StrTok 関数における整数符号エラーの脆弱性 Linux-PAM (別名 pam) の _pam_StrTok 関数 (libpam/pam_misc.c) には、設定ファイルが非 ASCII 文字のユーザ名を含んでいる場合に、整数符号エラーの脆弱性が存在します。 CVE-2009-0887 38318 CVE-2009-0887 48202 6.6 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001481.html 2009-03-12 2009-06-30 View