Mandriva Linux Security Advisory : pam_krb5 (MDVSA-2008:209-1)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing a security update.

Description :

Stéphane Bertin discovered a flaw in the pam_krb5
existing_ticket configuration option: when the option is enabled and
an existing credential cache is used, a local user could gain
elevated privileges by using a different local user's credential
cache (CVE-2008-3825).

The updated packages have been patched to prevent this issue.

Update :

An updated package for Mandriva Linux 2009.0 is now available.

Solution :

Update the affected pam_krb5 package.

Risk factor :

Medium / CVSS Base Score : 4.4
(CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 3.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 36566 (mandriva_MDVSA-2008-209.nasl)

Bugtraq ID: 31534

CVE ID: CVE-2008-3825
