CVE-2009-0887

Name of the Vulnerable Software and Affected Versions Linux-PAM versions 1.0.3 and earlier

Description The issue is related to an integer signedness error in the pam StrTok function. This error can occur when a configuration file contains non-ASCII usernames. As a result, remote attackers might be able to cause a denial of service. Additionally, remote authenticated users might be able to obtain login access with a different user's non-ASCII username by making a login attempt.

Recommendations For Linux-PAM versions 1.0.3 and earlier, update to a version later than 1.0.3 to resolve the issue.