CentOS 5 : pam_krb5 (CESA-2008:0907)

Medium Nessus Plugin ID 43712

VPR Score: 5.8


The remote CentOS host is missing a security update.


An updated pam_krb5 package that fixes a security issue is now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

The pam_krb5 module allows Pluggable Authentication Modules (PAM) aware applications to use Kerberos to verify user identities by obtaining user credentials at log in time.

A flaw was found in the pam_krb5 'existing_ticket' configuration option. If a system is configured to use an existing credential cache via the 'existing_ticket' option, it may be possible for a local user to gain elevated privileges by using a different, local user's credential cache. (CVE-2008-3825)

Red Hat would like to thank Stephane Bertin for responsibly disclosing this issue.

Users of pam_krb5 should upgrade to this updated package, which contains a backported patch to resolve this issue.


Update the affected pam_krb5 package.


Plugin Details

Severity: Medium

ID: 43712

File Name: centos_RHSA-2008-0907.nasl

Version: 1.14

Type: local

Agent: unix

Published: 2010/01/06

Updated: 2021/01/04

Dependencies: 12634

Risk Information

Risk Factor: Medium

VPR Score: 5.8

CVSS v2.0

Base Score: 4.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:centos:centos:pam_krb5, cpe:/o:centos:centos:5

Required KB Items: Host/local_checks_enabled, Host/CentOS/release, Host/CentOS/rpm-list

Patch Publication Date: 2008/10/05

Vulnerability Publication Date: 2008/10/03

Reference Information

CVE: CVE-2008-3825

RHSA: 2008:0907

CWE: 264