CVE-2009-0361
Published: Feb 13, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| oval:org.mitre.oval:def:5521 | vdb-entry, signature, x_refsource_OVAL |
| 34260 | third-party-advisory, x_refsource_SECUNIA |
| 252767 | vendor-advisory, x_refsource_SUNALERT |
| 33914 | third-party-advisory, x_refsource_SECUNIA |
| USN-719-1 | vendor-advisory, x_refsource_UBUNTU |
| DSA-1722 | vendor-advisory, x_refsource_DEBIAN |
| 33918 | third-party-advisory, x_refsource_SECUNIA |
| ADV-2009-0426 | vdb-entry, x_refsource_VUPEN |
| 1021711 | vdb-entry, x_refsource_SECTRACK |
| ADV-2009-0410 | vdb-entry, x_refsource_VUPEN |
| oval:org.mitre.oval:def:5403 | vdb-entry, signature, x_refsource_OVAL |
| http://support.avaya.com/elmodocs2/security/ASA-2009-070.htm | x_refsource_CONFIRM |
| 34449 | third-party-advisory, x_refsource_SECUNIA |
| 33917 | third-party-advisory, x_refsource_SECUNIA |
| DSA-1721 | vendor-advisory, x_refsource_DEBIAN |
| 20090211 pam-krb5 security advisory (3.12 and earlier) | mailing-list, x_refsource_BUGTRAQ |
| GLSA-200903-39 | vendor-advisory, x_refsource_GENTOO |
| 33741 | vdb-entry, x_refsource_BID |
| ADV-2009-0979 | vdb-entry, x_refsource_VUPEN |