Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2009-1384
Last Modified: 17 Feb 2011 01:43:05
Published: 28 May 2009 04:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2009-1384

Summary

pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

Vulnerable Systems

Application

  • Eyrie Pam-krb5 2.2.14

  • Eyrie Pam-krb5 2.3

  • Eyrie Pam-krb5 2.3.4


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=502602

VUPEN - ADV-2009-1448

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2011-0003.html

BID - 35112

BUGTRAQ - 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

MLIST - [oss-security] 20090527 CVE assignment notification (pam_krb5 CVE-2009-1384)

MANDRIVA - MDVSA-2010:054

SECUNIA - 43314

SECUNIA - 35230

OSVDB - 54791


Last Updated: 27 May 2016 10:50:33