pam_krb5 Existing/Non-Existing Username Enumeration Weakness

Bugtraq ID: 35112
Class: Design Error
CVE: CVE-2009-1384
Remote: Yes
Local: No
Published: May 27 2009 12:00AM
Updated: Feb 11 2011 04:59PM
Credit: Jan Lieskovsky
Vulnerable: VMWare vMA 4.0 RHEL5
VMWare ESX Server 4.1
VMWare ESX Server 4.0
Russ Allbery pam_krb5 2.2.14
RedHat Enterprise Linux Desktop Workstation 5 client
RedHat Enterprise Linux 5 server
Red Hat Fedora 9
Red Hat Fedora 11
Red Hat Fedora 10
Red Hat Enterprise Linux Desktop 5 client
MandrakeSoft Linux Mandrake 2009.1 x86_64
MandrakeSoft Linux Mandrake 2009.1
MandrakeSoft Linux Mandrake 2009.0 x86_64
MandrakeSoft Linux Mandrake 2009.0
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
Avaya IQ 5
Avaya Aura System Manager 5.2
Avaya Aura Application Enablement Services 5.2
Not Vulnerable: VMWare ESX Server 4.1 ESX410-201101201
VMWare ESX Server 4.0 ESX400-201005406


 

Privacy Statement
Copyright 2010, SecurityFocus