Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to obtain login access with a different users non-ASCII username, via a login attempt.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Linux-pam | Linux-pam | * | 1.0.3 (including) |
Linux-pam | Linux-pam | 0.99.1.0 (including) | 0.99.1.0 (including) |
Linux-pam | Linux-pam | 0.99.2.0 (including) | 0.99.2.0 (including) |
Linux-pam | Linux-pam | 0.99.2.1 (including) | 0.99.2.1 (including) |
Linux-pam | Linux-pam | 0.99.3.0 (including) | 0.99.3.0 (including) |
Linux-pam | Linux-pam | 0.99.4.0 (including) | 0.99.4.0 (including) |
Linux-pam | Linux-pam | 0.99.5.0 (including) | 0.99.5.0 (including) |
Linux-pam | Linux-pam | 0.99.6.0 (including) | 0.99.6.0 (including) |
Linux-pam | Linux-pam | 0.99.6.1 (including) | 0.99.6.1 (including) |
Linux-pam | Linux-pam | 0.99.6.2 (including) | 0.99.6.2 (including) |
Linux-pam | Linux-pam | 0.99.6.3 (including) | 0.99.6.3 (including) |
Linux-pam | Linux-pam | 0.99.7.0 (including) | 0.99.7.0 (including) |
Linux-pam | Linux-pam | 0.99.7.1 (including) | 0.99.7.1 (including) |
Linux-pam | Linux-pam | 0.99.8.0 (including) | 0.99.8.0 (including) |
Linux-pam | Linux-pam | 0.99.8.1 (including) | 0.99.8.1 (including) |
Linux-pam | Linux-pam | 0.99.9.0 (including) | 0.99.9.0 (including) |
Linux-pam | Linux-pam | 0.99.10.0 (including) | 0.99.10.0 (including) |
Linux-pam | Linux-pam | 1.0.0 (including) | 1.0.0 (including) |
Linux-pam | Linux-pam | 1.0.1 (including) | 1.0.1 (including) |
Linux-pam | Linux-pam | 1.0.2 (including) | 1.0.2 (including) |
Pam | Ubuntu | dapper | * |
Pam | Ubuntu | gutsy | * |
Pam | Ubuntu | hardy | * |
Pam | Ubuntu | intrepid | * |
Pam | Ubuntu | jaunty | * |
Pam | Ubuntu | upstream | * |