CVE-2009-0887

Impact: Low
Public Date: 2009-02-25
Bugzilla: 489932: CVE-2009-0887 pam: integer signedness error in _pam_StrTok()

The MITRE CVE dictionary describes this issue as:

Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to obtain login access with a different user's non-ASCII username, via a login attempt.

Find out more about CVE-2009-0887 from the MITRE CVE dictionary and NIST NVD.

Statement

Red Hat does not consider this issue to be a security vulnerability. The affected function is only used to parse PAM configuration files, and this bug can only be triggered by a specific configuration created by the system administrator.

Last Modified

CVE description copyright © 2017, The MITRE Corporation
