Mandriva Linux Security Advisory : pam_krb5 (MDVSA-2008:209-1)
Medium Nessus Plugin ID 36566
SynopsisThe remote Mandriva Linux host is missing a security update.
DescriptionStÃ©phane Bertin discovered a flaw in the pam_krb5 existing_ticket configuration option where, if enabled and using an existing credential cache, it was possible for a local user to gain elevated privileges by using a different, local user's credential cache (CVE-2008-3825).
The updated packages have been patched to prevent this issue.
An updated package for Mandriva Linux 2009.0 is now available.
SolutionUpdate the affected pam_krb5 package.