{"id":"DEBIAN-CVE-2009-0887","details":"Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to obtain login access with a different user's non-ASCII username, via a login attempt.","modified":"2025-11-19T01:19:10.449115Z","published":"2009-03-12T15:20:50.127Z","upstream":["CVE-2009-0887"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2009-0887"}],"affected":[{"package":{"name":"pam","ecosystem":"Debian:11","purl":"pkg:deb/debian/pam?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.1-10"}]}],"ecosystem_specific":{"urgency":"low"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2009-0887.json"}},{"package":{"name":"pam","ecosystem":"Debian:12","purl":"pkg:deb/debian/pam?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.1-10"}]}],"ecosystem_specific":{"urgency":"low"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2009-0887.json"}},{"package":{"name":"pam","ecosystem":"Debian:13","purl":"pkg:deb/debian/pam?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.1-10"}]}],"ecosystem_specific":{"urgency":"low"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2009-0887.json"}},{"package":{"name":"pam","ecosystem":"Debian:14","purl":"pkg:deb/debian/pam?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.1-10"}]}],"ecosystem_specific":{"urgency":"low"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2009-0887.json"}}],"schema_version":"1.7.3"}