pam_krb5 Existing/Non-Existing Username Enumeration Weakness

Bugtraq ID: 35112
Class: Design Error
CVE: CVE-2009-1384
Remote: Yes
Local: No
Published: May 27 2009 12:00AM
Updated: May 07 2015 05:05PM
Credit: Jan Lieskovsky
Vulnerable: VMWare vMA 4.0 RHEL5
VMWare ESX Server 4.1
VMWare ESX Server 4.0
Russ Allbery pam_krb5 2.2.14
Redhat Enterprise Linux Desktop Workstation 5 client
Redhat Enterprise Linux Desktop 5 client
Redhat Enterprise Linux 5 Server
Mandriva Linux Mandrake 2009.1 x86_64
Mandriva Linux Mandrake 2009.1
Mandriva Linux Mandrake 2009.0 x86_64
Mandriva Linux Mandrake 2009.0
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
Avaya IQ 5.1
Avaya IQ 5
Avaya Aura System Manager 5.2
Avaya Aura Application Enablement Services 5.2.1
Avaya Aura Application Enablement Services 5.2
Not Vulnerable: VMWare ESX Server 4.1 ESX410-201101201
VMWare ESX Server 4.0 ESX400-201005406
Avaya IQ 5.2
Avaya Aura System Manager 6.0
Avaya Aura Application Enablement Services 5.2.2


 

Privacy Statement
Copyright 2010, SecurityFocus