OVAL Reference oval:org.mitre.oval:def:5669

Oval Definition:

oval:org.mitre.oval:def:5669

Revision Date:	2015-04-20	Version:	25
Title:	HP-UX Running PAM Kerberos, Local Privilege Escalation, Unauthorized Access
Description:	Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application.
Family:	unix	Class:	vulnerability
Status:	ACCEPTED	Reference(s):	CVE-2009-0360
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis
Criteria meets HP Security Bulletin HPSBUX02415 HP-UX B.11.23 AND filesets tests PAM-Kerberos.PAM-KRB-64SLIB version is less than C.01.25 OR PAM-Kerberos.PAM-KRB-DEMO version is less than C.01.25 OR PAM-Kerberos.PAM-KRB-I64LIB version is less than C.01.25 OR PAM-Kerberos.PAM-KRB-IASLIB version is less than C.01.25 OR PAM-Kerberos.PAM-KRB-MAN version is less than C.01.25 OR PAM-Kerberos.PAM-KRB-RUN version is less than C.01.25 OR PAM-Kerberos.PAM-KRB-SHLIB version is less than C.01.25 OR Criteria meets HP Security Bulletin HPSBUX02415 HP-UX B.11.11 AND filesets tests KRBS-Support.KRBS-SUPP-MAN version is less than B.11.11.16 OR KRBS-Support.KRBS-SUPP-NOTE version is less than B.11.11.16 OR KRBS-Support.KRBS-SUPP-RUN version is less than B.11.11.16 OR PAM-Kerberos.PAM-KRB-64SLIB version is less than B.11.11.16 OR PAM-Kerberos.PAM-KRB-DEMO version is less than B.11.11.16 OR PAM-Kerberos.PAM-KRB-MAN version is less than B.11.11.16 OR PAM-Kerberos.PAM-KRB-RUN version is less than B.11.11.16 OR PAM-Kerberos.PAM-KRB-SHLIB version is less than B.11.11.16 OR Criteria meets HP Security Bulletin HPSBUX02415 HP-UX B.11.31 AND filesets tests PAM-Kerberos.PAM-KRB-64SLIB version is less than D.01.25 OR PAM-Kerberos.PAM-KRB-DEMO version is less than D.01.25 OR PAM-Kerberos.PAM-KRB-I64LIB version is less than D.01.25 OR PAM-Kerberos.PAM-KRB-IASLIB version is less than D.01.25 OR PAM-Kerberos.PAM-KRB-MAN version is less than D.01.25 OR PAM-Kerberos.PAM-KRB-RUN version is less than D.01.25 OR PAM-Kerberos.PAM-KRB-SHLIB version is less than D.01.25

BACK