Back to search
CVE-2009-0360
Published: Feb 13, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
34260
third-party-advisory
x_refsource_SECUNIA
252767
vendor-advisory
x_refsource_SUNALERT
oval:org.mitre.oval:def:5732
vdb-entry
signature
x_refsource_OVAL
33914
third-party-advisory
x_refsource_SECUNIA
USN-719-1
vendor-advisory
x_refsource_UBUNTU
ADV-2009-0426
vdb-entry
x_refsource_VUPEN
1021711
vdb-entry
x_refsource_SECTRACK
ADV-2009-0410
vdb-entry
x_refsource_VUPEN
http://support.avaya.com/elmodocs2/security/ASA-2009-070.htm
x_refsource_CONFIRM
34449
third-party-advisory
x_refsource_SECUNIA
33917
third-party-advisory
x_refsource_SECUNIA
DSA-1721
vendor-advisory
x_refsource_DEBIAN
20090211 pam-krb5 security advisory (3.12 and earlier)
mailing-list
x_refsource_BUGTRAQ
GLSA-200903-39
vendor-advisory
x_refsource_GENTOO
oval:org.mitre.oval:def:5669
vdb-entry
signature
x_refsource_OVAL
33740
vdb-entry
x_refsource_BID
ADV-2009-0979
vdb-entry
x_refsource_VUPEN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now