OVAL Reference oval:org.mitre.oval:def:5521

Oval Definition:

oval:org.mitre.oval:def:5521

Revision Date:	2015-04-20	Version:	25
Title:	HP-UX Running PAM Kerberos, Local Privilege Escalation, Unauthorized Access
Description:	Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations.
Family:	unix	Class:	vulnerability
Status:	ACCEPTED	Reference(s):	CVE-2009-0361
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis
Criteria meets HP Security Bulletin HPSBUX02415 HP-UX B.11.23 AND filesets tests PAM-Kerberos.PAM-KRB-64SLIB version is less than C.01.25 OR PAM-Kerberos.PAM-KRB-DEMO version is less than C.01.25 OR PAM-Kerberos.PAM-KRB-I64LIB version is less than C.01.25 OR PAM-Kerberos.PAM-KRB-IASLIB version is less than C.01.25 OR PAM-Kerberos.PAM-KRB-MAN version is less than C.01.25 OR PAM-Kerberos.PAM-KRB-RUN version is less than C.01.25 OR PAM-Kerberos.PAM-KRB-SHLIB version is less than C.01.25 OR Criteria meets HP Security Bulletin HPSBUX02415 HP-UX B.11.11 AND filesets tests KRBS-Support.KRBS-SUPP-MAN version is less than B.11.11.16 OR KRBS-Support.KRBS-SUPP-NOTE version is less than B.11.11.16 OR KRBS-Support.KRBS-SUPP-RUN version is less than B.11.11.16 OR PAM-Kerberos.PAM-KRB-64SLIB version is less than B.11.11.16 OR PAM-Kerberos.PAM-KRB-DEMO version is less than B.11.11.16 OR PAM-Kerberos.PAM-KRB-MAN version is less than B.11.11.16 OR PAM-Kerberos.PAM-KRB-RUN version is less than B.11.11.16 OR PAM-Kerberos.PAM-KRB-SHLIB version is less than B.11.11.16 OR Criteria meets HP Security Bulletin HPSBUX02415 HP-UX B.11.31 AND filesets tests PAM-Kerberos.PAM-KRB-64SLIB version is less than D.01.25 OR PAM-Kerberos.PAM-KRB-DEMO version is less than D.01.25 OR PAM-Kerberos.PAM-KRB-I64LIB version is less than D.01.25 OR PAM-Kerberos.PAM-KRB-IASLIB version is less than D.01.25 OR PAM-Kerberos.PAM-KRB-MAN version is less than D.01.25 OR PAM-Kerberos.PAM-KRB-RUN version is less than D.01.25 OR PAM-Kerberos.PAM-KRB-SHLIB version is less than D.01.25

BACK