CVE

CVE-2009-0360
Date: (C)2009-02-13   (M)2023-12-22


Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 6.2
Exploit Score: 1.9
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1021711
http://www.securityfocus.com/archive/1/500892/100/0/threaded
SUNALERT-252767
BID-33740
SECUNIA-33914
SECUNIA-33917
SECUNIA-34260
SECUNIA-34449
ADV-2009-0410
ADV-2009-0426
ADV-2009-0979
DSA-1721
GLSA-200903-39
USN-719-1
http://support.avaya.com/elmodocs2/security/ASA-2009-070.htm
http://www.eyrie.org/~eagle/software/pam-krb5/security/2009-02-11.html
oval:org.mitre.oval:def:5669
oval:org.mitre.oval:def:5732

CWE    1
CWE-287
OVAL    3
oval:org.mitre.oval:def:8149
oval:org.secpod.oval:def:700376
oval:org.secpod.oval:def:600457

© SecPod Technologies