Detections
Analytics
Mandriva Linux Security Advisory : pam (MDVSA-2009:077)
medium Nessus Plugin ID 36591
Synopsis
The remote Mandriva Linux host is missing one or more security updates.Description
A security vulnerability has been identified and fixed in pam :Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to obtain login access with a different user's non-ASCII username, via a login attempt (CVE-2009-0887).
The updated packages have been patched to prevent this.
Additionally some development packages were missing that are required to build pam for CS4, these are also provided with this update.
Solution
Update the affected packages.Plugin Details
Severity: Medium
ID: 36591
File Name: mandriva_MDVSA-2009-077.nasl
Version: 1.15
Type: local
Family: Mandriva Local Security Checks
Published: 4/23/2009
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 6.6
Temporal Score: 5.5
Vector: CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:lib64pam-devel, p-cpe:/a:mandriva:linux:lib64pam0, p-cpe:/a:mandriva:linux:libpam-devel, p-cpe:/a:mandriva:linux:libpam0, p-cpe:/a:mandriva:linux:pam, p-cpe:/a:mandriva:linux:pam-doc, cpe:/o:mandriva:linux:2008.0, cpe:/o:mandriva:linux:2008.1, cpe:/o:mandriva:linux:2009.0
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 3/21/2009
Reference Information
CVE: CVE-2009-0887
BID: 34010
CWE: 189
MDVSA: 2009:077