Russ Allbery pam-krb5 prior to 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
eyrie pam-krb5 3.2 |
||
eyrie pam-krb5 3.3 |
||
eyrie pam-krb5 |
||
eyrie pam-krb5 3.0 |
||
eyrie pam-krb5 3.1 |
||
eyrie pam-krb5 3.6 |
||
eyrie pam-krb5 3.7 |
||
eyrie pam-krb5 3.10 |
||
eyrie pam-krb5 3.11 |
||
eyrie pam-krb5 3.8 |
||
eyrie pam-krb5 3.9 |
||
eyrie pam-krb5 3.4 |
||
eyrie pam-krb5 3.5 |