CVE-2009-0360

MEDIUM

Description

Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application.

References

http://secunia.com/advisories/33914

http://secunia.com/advisories/33917

http://secunia.com/advisories/34260

http://secunia.com/advisories/34449

http://security.gentoo.org/glsa/glsa-200903-39.xml

http://securitytracker.com/id?1021711

http://sunsolve.sun.com/search/document.do?assetkey=1-66-252767-1

http://support.avaya.com/elmodocs2/security/ASA-2009-070.htm

http://www.debian.org/security/2009/dsa-1721

http://www.eyrie.org/~eagle/software/pam-krb5/security/2009-02-11.html

http://www.securityfocus.com/archive/1/500892/100/0/threaded

http://www.securityfocus.com/bid/33740

http://www.ubuntu.com/usn/USN-719-1

http://www.vupen.com/english/advisories/2009/0410

http://www.vupen.com/english/advisories/2009/0426

http://www.vupen.com/english/advisories/2009/0979

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5669

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5732

Details

Source: MITRE

Published: 2009-02-13

Updated: 2018-10-11

Type: CWE-287

Risk Information

CVSS v2.0

Base Score: 6.2

Vector: (AV:L/AC:H/Au:N/C:C/I:C/A:C)

Impact Score: 10

Exploitability Score: 1.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:a:eyrie:pam-krb5:2.0:*:*:*:*:*:*:*

cpe:2.3:a:eyrie:pam-krb5:2.1:*:*:*:*:*:*:*

cpe:2.3:a:eyrie:pam-krb5:2.2:*:*:*:*:*:*:*

cpe:2.3:a:eyrie:pam-krb5:2.3:*:*:*:*:*:*:*

cpe:2.3:a:eyrie:pam-krb5:2.4:*:*:*:*:*:*:*

cpe:2.3:a:eyrie:pam-krb5:2.5:*:*:*:*:*:*:*

cpe:2.3:a:eyrie:pam-krb5:2.6:*:*:*:*:*:*:*

cpe:2.3:a:eyrie:pam-krb5:3.0:*:*:*:*:*:*:*

cpe:2.3:a:eyrie:pam-krb5:3.1:*:*:*:*:*:*:*

cpe:2.3:a:eyrie:pam-krb5:3.2:*:*:*:*:*:*:*

cpe:2.3:a:eyrie:pam-krb5:3.3:*:*:*:*:*:*:*

cpe:2.3:a:eyrie:pam-krb5:3.4:*:*:*:*:*:*:*

cpe:2.3:a:eyrie:pam-krb5:3.5:*:*:*:*:*:*:*

cpe:2.3:a:eyrie:pam-krb5:3.6:*:*:*:*:*:*:*

cpe:2.3:a:eyrie:pam-krb5:3.7:*:*:*:*:*:*:*

cpe:2.3:a:eyrie:pam-krb5:3.8:*:*:*:*:*:*:*

cpe:2.3:a:eyrie:pam-krb5:3.9:*:*:*:*:*:*:*

cpe:2.3:a:eyrie:pam-krb5:3.10:*:*:*:*:*:*:*

cpe:2.3:a:eyrie:pam-krb5:3.11:*:*:*:*:*:*:*

cpe:2.3:a:eyrie:pam-krb5:*:*:*:*:*:*:*:* versions up to 3.12 (inclusive)

Tenable Plugins

View all (9 total)

ID	Name	Product	Family	Severity
79961	GLSA-201412-08 : Multiple packages, Multiple vulnerabilities fixed in 2010	Nessus	Gentoo Local Security Checks	critical
36218	Ubuntu 8.04 LTS / 8.10 : libpam-krb5 vulnerabilities (USN-719-1)	Nessus	Ubuntu Local Security Checks	medium
36027	GLSA-200903-39 : pam_krb5: Privilege escalation	Nessus	Gentoo Local Security Checks	medium
35663	Debian DSA-1722-1 : libpam-heimdal - programming error	Nessus	Debian Local Security Checks	medium
35662	Debian DSA-1721-1 : libpam-krb5 - several vulnerabilities	Nessus	Debian Local Security Checks	medium
35208	Solaris 10 (x86) : 138372-06	Nessus	Solaris Local Security Checks	medium
35197	Solaris 10 (sparc) : 138371-06	Nessus	Solaris Local Security Checks	medium
13620	Solaris 9 (x86) : 115168-24	Nessus	Solaris Local Security Checks	critical
13520	Solaris 9 (sparc) : 112908-38	Nessus	Solaris Local Security Checks	critical