CVE-2009-0887

N/A Unknown

Published: March 12, 2009 Modified: April 23, 2026

Description

Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to obtain login access with a different user's non-ASCII username, via a login attempt.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://openwall.com/lists/oss-security/2009/03/05/1

Source: cve@mitre.org

Exploit

http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/libpam/pam_misc.c?r1=1.9&amp%3Br2=1.10&amp%3Bview=patch

Source: cve@mitre.org

http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/libpam/pam_misc.c?view=log

Source: cve@mitre.org

http://secunia.com/advisories/34733

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2009:077

Source: cve@mitre.org

http://www.securityfocus.com/bid/34010

Source: cve@mitre.org

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/49110

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00398.html

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00420.html

Source: cve@mitre.org

http://openwall.com/lists/oss-security/2009/03/05/1

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/libpam/pam_misc.c?r1=1.9&amp%3Br2=1.10&amp%3Bview=patch

Source: af854a3a-2127-422b-91ae-364da2661108

http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/libpam/pam_misc.c?view=log

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/34733

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2009:077

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/34010

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/49110

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00398.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00420.html

Source: af854a3a-2127-422b-91ae-364da2661108

18 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

0.2%

44th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-189

Affected Vendors

linux-pam

Related CVEs

CVE-2026-7000 2.4

CVE-2026-6999 2.4

CVE-2026-6998 2.4

CVE-2026-6997 2.4

CVE-2026-6996 2.4