USN-719-1 -- libpam-krb5 vulnerabilities
ID: oval:org.secpod.oval:def:700376 | Date: (C)2011-05-13 (M)2021-06-02 |
Class: PATCH | Family: unix |
It was discovered that pam_krb5 parsed environment variables when run with setuid applications. A local attacker could exploit this flaw to bypass authentication checks and gain root privileges.

Derek Chan discovered that pam_krb5 incorrectly handled refreshing existing credentials when used with setuid applications. A local attacker could exploit this to create or overwrite arbitrary files, and possibly gain root privileges.
Platform: Ubuntu 8.10 | Ubuntu 8.04 |