CVE-2009-3232
EPSS 0.54%
Description
pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication.
How to fix CVE-2009-3232
To remediate CVE-2009-3232, upgrade the affected package to a fixed version below.
- Debian/pam—upgrade to 1.0.1-10 or later
Is CVE-2009-3232 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.0.1-10