CVE-2009-0360


Description

Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application.

References

http://secunia.com/advisories/33914

http://secunia.com/advisories/33917

http://secunia.com/advisories/34260

http://secunia.com/advisories/34449

http://security.gentoo.org/glsa/glsa-200903-39.xml

http://securitytracker.com/id?1021711

http://sunsolve.sun.com/search/document.do?assetkey=1-66-252767-1

http://support.avaya.com/elmodocs2/security/ASA-2009-070.htm

http://www.debian.org/security/2009/dsa-1721

http://www.eyrie.org/~eagle/software/pam-krb5/security/2009-02-11.html

http://www.securityfocus.com/archive/1/500892/100/0/threaded

http://www.securityfocus.com/bid/33740

http://www.ubuntu.com/usn/USN-719-1

http://www.vupen.com/english/advisories/2009/0410

http://www.vupen.com/english/advisories/2009/0426

http://www.vupen.com/english/advisories/2009/0979

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5669

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5732

Details

Source: MITRE

Published: 2009-02-13

Updated: 2018-10-11

Type: CWE-287

Risk Information

CVSS v2

Base Score: 6.2

Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 1.9

Severity: MEDIUM

Tenable Plugins

ID | Name | Product | Family | Severity
79961 | GLSA-201412-08 : Multiple packages, Multiple vulnerabilities fixed in 2010 | Nessus | Gentoo Local Security Checks | critical
36218 | Ubuntu 8.04 LTS / 8.10 : libpam-krb5 vulnerabilities (USN-719-1) | Nessus | Ubuntu Local Security Checks | medium
36027 | GLSA-200903-39 : pam_krb5: Privilege escalation | Nessus | Gentoo Local Security Checks | medium
35663 | Debian DSA-1722-1 : libpam-heimdal - programming error | Nessus | Debian Local Security Checks | medium
35662 | Debian DSA-1721-1 : libpam-krb5 - several vulnerabilities | Nessus | Debian Local Security Checks | medium
35208 | Solaris 10 (x86) : 138372-06 | Nessus | Solaris Local Security Checks | medium
35197 | Solaris 10 (sparc) : 138371-06 | Nessus | Solaris Local Security Checks | medium
13620 | Solaris 9 (x86) : 115168-24 | Nessus | Solaris Local Security Checks | critical
13520 | Solaris 9 (sparc) : 112908-38 | Nessus | Solaris Local Security Checks | critical