This CPE summary could be partial or incomplete. Please contact us for a detailed listing.


Vendor Ubuntu First view 2009-09-17
Product Ubuntu Linux Last view 2009-09-17
Version 9.04 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
CPE Product cpe:2.3:o:ubuntu:ubuntu_linux

Activity : Overall

Related : CVE

  Date Alert Description
9.3 2009-09-17 CVE-2009-3232

pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication.

CWE : Common Weakness Enumeration

100% (1) CWE-287 Improper Authentication

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-22 Exploiting Trust in Client (aka Make the Client Invisible)
CAPEC-57 Utilizing REST's Trust in the System Resource to Register Man in the Middle
CAPEC-94 Man in the Middle Attack
CAPEC-114 Authentication Abuse

Open Source Vulnerability Database (OSVDB)

id Description
57908 pam-auth-update on Ubuntu Linux Authentication Bypass

OpenVAS Exploits

id Description
2009-09-15 Name : Ubuntu USN-828-1 (pam)
File : nvt/ubuntu_828_1.nasl

Nessus® Vulnerability Scanner

id Description
2009-09-15 Name: The remote system has an authentication bypass vulnerability.
File: account_root_randpw.nasl - Type: ACT_GATHER_INFO
2009-09-09 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-828-1.nasl - Type: ACT_GATHER_INFO