Showing 1 - 8 of 8

CVE-2009-0360

Status Candidate

Overview

Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application.

Related Files

Gentoo Linux Security Advisory 201412-08: Posted Dec 12, 2014; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201412-8 - This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2011. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution.; tags | advisory, remote, local, vulnerability, code execution; systems | linux, gentoo; advisories | CVE-2006-3005, CVE-2007-2741, CVE-2008-0553, CVE-2008-1382, CVE-2008-5907, CVE-2008-6218, CVE-2008-6661, CVE-2009-0040, CVE-2009-0360, CVE-2009-0361, CVE-2009-0946, CVE-2009-2042, CVE-2009-2624, CVE-2009-3736, CVE-2009-4029, CVE-2009-4411, CVE-2009-4896, CVE-2010-0001, CVE-2010-0436, CVE-2010-0732, CVE-2010-0829, CVE-2010-1000, CVE-2010-1205, CVE-2010-1511, CVE-2010-2056, CVE-2010-2060, CVE-2010-2192, CVE-2010-2251; SHA-256 | a863e2eb03f0ac1937834e096aa9a52158ef6e9eb8144f3d6df45b14d4002a27; Download | Favorite | View

HP Security Bulletin HPSBUX02415 SSRT090023: Posted Apr 7, 2009; Authored by Hewlett Packard | Site hp.com; HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running PAM Kerberos. The vulnerability could be exploited locally to create a privilege escalation or to allow an unauthorized access.; tags | advisory; systems | hpux; advisories | CVE-2009-0360, CVE-2009-0361; SHA-256 | d2e72c5731e1088cb46a6434e12e16fbdecaa351b638d3d0782b41f668a43dfc; Download | Favorite | View

pam-krb5 Privilege Escalation: Posted Mar 30, 2009; Authored by Jon Oberheide; pam-krb5 versions below 3.13 local privilege escalation exploit.; tags | exploit, local; advisories | CVE-2009-0360; SHA-256 | ed6caf64e916f13fb22ba283a61616d7a4668b0cdd50588a48572cfcd9deedfb; Download | Favorite | View

Gentoo Linux Security Advisory 200903-39: Posted Mar 26, 2009; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory GLSA 200903-39 - Two vulnerabilities in pam_krb5 might allow local users to elevate their privileges or overwrite arbitrary files. Versions less than 3.12 are affected.; tags | advisory, arbitrary, local, vulnerability; systems | linux, gentoo; advisories | CVE-2009-0360, CVE-2009-0361; SHA-256 | d736a5e491154169e90336376e2729432b759f619f95ac81399cad1e946d0d69; Download | Favorite | View

Solaris Kerberos PAM Module Privilege Escalation: Posted Feb 16, 2009; Site sunsolve.sun.com; Sun Security Advisory - A security vulnerability in the Solaris Kerberos PAM module may allow use of a user specified Kerberos configuration file, leading to escalation of privileges.; tags | advisory; systems | solaris; advisories | CVE-2009-0360, CVE-2009-0361; SHA-256 | 0b4f5956c54b78b438db584a20d734a43f248bdbe1b4ba68a0163cf173361186; Download | Favorite | View

Ubuntu Security Notice 719-1: Posted Feb 12, 2009; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice USN-719-1 - It was discovered that pam_krb5 parsed environment variables when run with setuid applications. A local attacker could exploit this flaw to bypass authentication checks and gain root privileges. Derek Chan discovered that pam_krb5 incorrectly handled refreshing existing credentials when used with setuid applications. A local attacker could exploit this to create or overwrite arbitrary files, and possibly gain root privileges.; tags | advisory, arbitrary, local, root; systems | linux, ubuntu; advisories | CVE-2009-0360, CVE-2009-0361; SHA-256 | ccb390c7c8ac7375711ca07de825f8151af54f882f27007ed7f3ab0cf68d877d; Download | Favorite | View

pam-krb5 File Ovewrite: Posted Feb 11, 2009; Authored by Russ Allbery; A security vulnerability in pam-krb5 allowing overwrite and chown of arbitrary files via Solaris su was discovered by Derek Chan and reported by Steven Luo on 2009-01-29. Subsequent code auditing for behavior in setuid applications uncovered another, more general and more serious bug that could result in privilege escalation. Versions below 3.13 are affected.; tags | advisory, arbitrary; systems | solaris; advisories | CVE-2009-0360, CVE-2009-0361; SHA-256 | bdb406a56845ea6531e01e4f9824194fe901c4587b9a6192655d9830a038ffb2; Download | Favorite | View

Debian Linux Security Advisory 1721-1: Posted Feb 11, 2009; Authored by Debian | Site debian.org; Debian Security Advisory 1721-1 - Several local vulnerabilities have been discovered in the PAM module for MIT Kerberos.; tags | advisory, local, vulnerability; systems | linux, debian; advisories | CVE-2009-0360, CVE-2009-0361; SHA-256 | db0345a6dd0cf6b1a7b5cb0b929674cc542799fb057597a2cd7ae6f1ec768cf9; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 293 files
Ubuntu 64 files
Debian 22 files
Gentoo 8 files
Google Security Research 7 files
LiquidWorm 6 files
Apple 5 files
Jann Horn 3 files
Spencer McIntyre 3 files
Milad Karimi 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,175)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,140)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,480)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,022)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

CVE-2009-0360

Overview

Related Files

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems