VPR Score: 5.8
Synopsis
The remote CentOS host is missing a security update.
Description
An updated pam_krb5 package that fixes a security issue is now available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
The pam_krb5 module allows Pluggable Authentication Modules (PAM) aware applications to use Kerberos to verify user identities by obtaining user credentials at login time.
A flaw was found in the pam_krb5 'existing_ticket' configuration option. If a system is configured to use an existing credential cache via the 'existing_ticket' option, it may be possible for a local user to gain elevated privileges by using a different, local user's credential cache. (CVE-2008-3825)
Red Hat would like to thank Stephane Bertin for responsibly disclosing this issue.
Users of pam_krb5 should upgrade to this updated package, which contains a backported patch to resolve this issue.
Solution
Update the affected pam_krb5 package.
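To see whether a host actually relies on the affected option, the script below lists active pam_krb5 entries that pass 'existing_ticket'. It is an added example, not part of the advisory or of Tenable's plugin; it assumes the option is given as a module argument in PAM service files (default directory /etc/pam.d), and the sample files it builds are constructed.

```shell
#!/bin/sh
# Added example: list active pam_krb5 entries that pass the existing_ticket option.
# Usage: find_existing_ticket [PAM_DIR]   (assumed default: /etc/pam.d)
# Prints "file:line: entry" for each hit; returns 0 if any hit, 1 if none.
find_existing_ticket() {
    pam_dir=${1:-/etc/pam.d}
    rc=1
    for f in "$pam_dir"/*; do
        [ -f "$f" ] || continue
        if awk '
            { line = $0; sub(/#.*/, "", line) }   # ignore comments
            line !~ /pam_krb5/ { next }           # only pam_krb5 module lines
            {
                n = split(line, tok, /[ \t]+/)
                for (i = 1; i <= n; i++)
                    if (tok[i] == "existing_ticket") {
                        print FILENAME ":" FNR ": " $0
                        hit = 1
                        break
                    }
            }
            END { exit (hit ? 0 : 1) }
        ' "$f"; then
            rc=0
        fi
    done
    return $rc
}

# Constructed sample PAM directory (not taken from a real host) for an offline run.
make_sample_pam_dir() {
    d=$(mktemp -d)
    printf '%s\n' \
        'auth sufficient pam_krb5.so use_first_pass existing_ticket' \
        'account required pam_unix.so' > "$d/sshd"
    printf '%s\n' \
        '# auth sufficient pam_krb5.so existing_ticket' \
        'auth sufficient pam_krb5.so use_first_pass' > "$d/login"
    echo "$d"
}

sample=$(make_sample_pam_dir)
find_existing_ticket "$sample" || echo "no pam_krb5 entry uses existing_ticket"
rm -rf "$sample"
```

The check reads only the files directly inside the given directory and does not cover settings made elsewhere. A hit means the host depends on the option described above and should be prioritised for the package update.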