Gentoo Linux Security Advisory 201412-8 - This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2011. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution.
4988293251dc9709a0f0caf5c1076c9b
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running PAM Kerberos. The vulnerability could be exploited locally to create a privilege escalation or to allow an unauthorized access.
899132631767954649aec02f6eab71ab
pam-krb5 versions below 3.13 local privilege escalation exploit.
0d6c524308f164c89e349e687c6e32ad
Gentoo Linux Security Advisory GLSA 200903-39 - Two vulnerabilities in pam_krb5 might allow local users to elevate their privileges or overwrite arbitrary files. Versions less than 3.12 are affected.
97464b24cd741424abfe96e35d23a6f6
Sun Security Advisory - A security vulnerability in the Solaris Kerberos PAM module may allow use of a user specified Kerberos configuration file, leading to escalation of privileges.
f73b0648e348b52c79a6073cb0ed7b67
Ubuntu Security Notice USN-719-1 - It was discovered that pam_krb5 parsed environment variables when run with setuid applications. A local attacker could exploit this flaw to bypass authentication checks and gain root privileges. Derek Chan discovered that pam_krb5 incorrectly handled refreshing existing credentials when used with setuid applications. A local attacker could exploit this to create or overwrite arbitrary files, and possibly gain root privileges.
154a95c51525c417f8268c76655f24a1
A security vulnerability in pam-krb5 allowing overwrite and chown of arbitrary files via Solaris su was discovered by Derek Chan and reported by Steven Luo on 2009-01-29. Subsequent code auditing for behavior in setuid applications uncovered another, more general and more serious bug that could result in privilege escalation. Versions below 3.13 are affected.
da5578df37724c0d89cd20850b161992
Debian Security Advisory 1721-1 - Several local vulnerabilities have been discovered in the PAM module for MIT Kerberos.
9a5e7a19a1333d12ecc3f561be3df3b4