what you don't know can hurt you
Showing 1 - 8 of 8 RSS Feed

CVE-2009-0360

Status Candidate

Overview

Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application.

Related Files

Gentoo Linux Security Advisory 201412-08
Posted Dec 12, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-8 - This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2011. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution.

tags | advisory, remote, local, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2006-3005, CVE-2007-2741, CVE-2008-0553, CVE-2008-1382, CVE-2008-5907, CVE-2008-6218, CVE-2008-6661, CVE-2009-0040, CVE-2009-0360, CVE-2009-0361, CVE-2009-0946, CVE-2009-2042, CVE-2009-2624, CVE-2009-3736, CVE-2009-4029, CVE-2009-4411, CVE-2009-4896, CVE-2010-0001, CVE-2010-0436, CVE-2010-0732, CVE-2010-0829, CVE-2010-1000, CVE-2010-1205, CVE-2010-1511, CVE-2010-2056, CVE-2010-2060, CVE-2010-2192, CVE-2010-2251
MD5 | 4988293251dc9709a0f0caf5c1076c9b
HP Security Bulletin HPSBUX02415 SSRT090023
Posted Apr 7, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running PAM Kerberos. The vulnerability could be exploited locally to create a privilege escalation or to allow an unauthorized access.

tags | advisory
systems | hpux
advisories | CVE-2009-0360, CVE-2009-0361
MD5 | 899132631767954649aec02f6eab71ab
pam-krb5 Privilege Escalation
Posted Mar 30, 2009
Authored by Jon Oberheide

pam-krb5 versions below 3.13 local privilege escalation exploit.

tags | exploit, local
advisories | CVE-2009-0360
MD5 | 0d6c524308f164c89e349e687c6e32ad
Gentoo Linux Security Advisory 200903-39
Posted Mar 26, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200903-39 - Two vulnerabilities in pam_krb5 might allow local users to elevate their privileges or overwrite arbitrary files. Versions less than 3.12 are affected.

tags | advisory, arbitrary, local, vulnerability
systems | linux, gentoo
advisories | CVE-2009-0360, CVE-2009-0361
MD5 | 97464b24cd741424abfe96e35d23a6f6
Solaris Kerberos PAM Module Privilege Escalation
Posted Feb 16, 2009
Site sunsolve.sun.com

Sun Security Advisory - A security vulnerability in the Solaris Kerberos PAM module may allow use of a user specified Kerberos configuration file, leading to escalation of privileges.

tags | advisory
systems | solaris
advisories | CVE-2009-0360, CVE-2009-0361
MD5 | f73b0648e348b52c79a6073cb0ed7b67
Ubuntu Security Notice 719-1
Posted Feb 12, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-719-1 - It was discovered that pam_krb5 parsed environment variables when run with setuid applications. A local attacker could exploit this flaw to bypass authentication checks and gain root privileges. Derek Chan discovered that pam_krb5 incorrectly handled refreshing existing credentials when used with setuid applications. A local attacker could exploit this to create or overwrite arbitrary files, and possibly gain root privileges.

tags | advisory, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2009-0360, CVE-2009-0361
MD5 | 154a95c51525c417f8268c76655f24a1
pam-krb5 File Ovewrite
Posted Feb 11, 2009
Authored by Russ Allbery

A security vulnerability in pam-krb5 allowing overwrite and chown of arbitrary files via Solaris su was discovered by Derek Chan and reported by Steven Luo on 2009-01-29. Subsequent code auditing for behavior in setuid applications uncovered another, more general and more serious bug that could result in privilege escalation. Versions below 3.13 are affected.

tags | advisory, arbitrary
systems | solaris
advisories | CVE-2009-0360, CVE-2009-0361
MD5 | da5578df37724c0d89cd20850b161992
Debian Linux Security Advisory 1721-1
Posted Feb 11, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1721-1 - Several local vulnerabilities have been discovered in the PAM module for MIT Kerberos.

tags | advisory, local, vulnerability
systems | linux, debian
advisories | CVE-2009-0360, CVE-2009-0361
MD5 | 9a5e7a19a1333d12ecc3f561be3df3b4
Page 1 of 1
Back1Next

File Archive:

January 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    4 Files
  • 2
    Jan 2nd
    3 Files
  • 3
    Jan 3rd
    3 Files
  • 4
    Jan 4th
    33 Files
  • 5
    Jan 5th
    31 Files
  • 6
    Jan 6th
    21 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    19 Files
  • 9
    Jan 9th
    1 Files
  • 10
    Jan 10th
    1 Files
  • 11
    Jan 11th
    33 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    27 Files
  • 14
    Jan 14th
    8 Files
  • 15
    Jan 15th
    16 Files
  • 16
    Jan 16th
    0 Files
  • 17
    Jan 17th
    0 Files
  • 18
    Jan 18th
    0 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close