GLSA-200903-39 : pam_krb5: Privilege escalation

Medium Nessus Plugin ID 36027

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200903-39 (pam_krb5: Privilege escalation).

The following vulnerabilities were discovered:

pam_krb5 does not properly initialize the Kerberos libraries for setuid use (CVE-2009-0360).

Derek Chan reported that calls to pam_setcred() are not properly handled when running setuid (CVE-2009-0361).

Impact:

A local attacker could set an environment variable to point to a specially crafted Kerberos configuration file and launch a PAM-based setuid application to elevate privileges, or change ownership and overwrite arbitrary files.

Workaround:

There is no known workaround at this time.

Solution

All pam_krb5 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=sys-auth/pam_krb5-3.12'

See Also

https://security.gentoo.org/glsa/200903-39

Plugin Details

Severity: Medium

ID: 36027

File Name: gentoo_GLSA-200903-39.nasl

Version: 1.16

Type: local

Published: 2009/03/27

Updated: 2019/08/02

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.2

Temporal Score: 4.9

Vector: CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:pam_krb5, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/03/25

Reference Information

CVE: CVE-2009-0360, CVE-2009-0361

BID: 33740, 33741

GLSA: 200903-39

CWE: 264, 287