Canonical · Ubuntu · CVE-2009-3232
**Name of the Vulnerable Software and Affected Versions**
pam-auth-update for PAM versions in Ubuntu 8.10 and 9.4, and Debian GNU/Linux (affected versions not specified)
**Description**
The issue is related to the handling of an "empty selection" for system authentication modules in certain rare configurations. This causes any authentication attempt to be successful, allowing remote attackers to bypass authentication.
**Recommendations**
For Ubuntu 8.10 and 9.4, and Debian GNU/Linux, at the moment, there is no information about a newer version that contains a fix for this vulnerability.