Published: 13/02/2009 Updated: 11/10/2018

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Russ Allbery pam-krb5 prior to 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations.

Vulnerable Product	Search on Vulmon	Subscribe to Product
eyrie pam-krb5 3.2
eyrie pam-krb5 3.3
eyrie pam-krb5
eyrie pam-krb5 3.0
eyrie pam-krb5 3.1
eyrie pam-krb5 3.6
eyrie pam-krb5 3.7
eyrie pam-krb5 3.10
eyrie pam-krb5 3.11
eyrie pam-krb5 3.8
eyrie pam-krb5 3.9
eyrie pam-krb5 3.4
eyrie pam-krb5 3.5

Debian Bug report logs - #516695 libpam-heimdal: new version (313) fixing two security issues Package: libpam-heimdal; Maintainer for libpam-heimdal is Russ Allbery <rra@debianorg>; Source for libpam-heimdal is src:libpam-krb5 (PTS, buildd, popcon) Reported by: Richard A Nelson <cowboy@debianorg> Date: Mon, 23 Feb ...

It was discovered that pam_krb5 parsed environment variables when run with setuid applications A local attacker could exploit this flaw to bypass authentication checks and gain root privileges (CVE-2009-0360) ...

Several local vulnerabilities have been discovered in the PAM module for MIT Kerberos The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0360 Russ Allbery discovered that the Kerberos PAM module parsed configuration settings from environment variables when run from a setuid context This could le ...

CWE-264 http://www.debian.org/security/2009/dsa-1721 http://www.ubuntu.com/usn/USN-719-1 http://securitytracker.com/id?1021711 http://secunia.com/advisories/33917 http://www.eyrie.org/~eagle/software/pam-krb5/security/2009-02-11.html http://www.debian.org/security/2009/dsa-1722 http://secunia.com/advisories/33918 http://secunia.com/advisories/33914 http://www.securityfocus.com/bid/33741 http://sunsolve.sun.com/search/document.do?assetkey=1-66-252767-1 http://secunia.com/advisories/34260 http://support.avaya.com/elmodocs2/security/ASA-2009-070.htm http://security.gentoo.org/glsa/glsa-200903-39.xml http://secunia.com/advisories/34449 http://www.vupen.com/english/advisories/2009/0979 http://www.vupen.com/english/advisories/2009/0426 http://www.vupen.com/english/advisories/2009/0410 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5521 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5403 http://www.securityfocus.com/archive/1/500892/100/0/threaded https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=516695 https://usn.ubuntu.com/719-1/https://nvd.nist.gov

CVE-2009-0361

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect