Revision Date: | 2014-06-23 | Version: | 3 |
Title: | DSA-1721 libpam-krb5 -- several vulnerabilities |
Description: | Several local vulnerabilities have been discovered in the PAM module for MIT Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems: Russ Allbery discovered that the Kerberos PAM module parsed configuration settings from environment variables when run from a setuid context. This could lead to local privilege escalation if an attacker points a setuid program using PAM authentication to a Kerberos setup under her control. Derek Chan discovered that the Kerberos PAM module allows reinitialisation of user credentials when run from a setuid context, resulting in potential local denial of service by overwriting the credential cache file, or in privilege escalation. |
Family: | unix | Class: | patch |
Status: | ACCEPTED | Reference(s): | CVE-2009-0360, CVE-2009-0361, DSA-1721 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | libpam-krb5 |
Definition Synopsis: | Debian GNU/Linux 4.0 is installed AND libpam-krb5 is earlier than 2.6-1etch1 |