{"id":"CVE-2009-3232","details":"pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an \"empty selection\" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication.","modified":"2026-04-10T03:40:54.068678Z","published":"2009-09-17T10:30:01Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/36620"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/36306"},{"type":"ARTICLE","url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519927"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2009/09/08/7"},{"type":"FIX","url":"http://www.securityfocus.com/bid/36306"},{"type":"FIX","url":"https://launchpad.net/bugs/410171"},{"type":"REPORT","url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519927"},{"type":"REPORT","url":"https://launchpad.net/bugs/410171"},{"type":"WEB","url":"http://www.securityfocus.com/bid/36306"},{"type":"WEB","url":"https://usn.ubuntu.com/828-1/"}],"schema_version":"1.7.5"}