CVE-2009-0360

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2009-0360
Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application.

6.2 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:H/Au:N/C:C/I:C/A:C

Exploitability : 1.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity HIGH

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://secunia.com/advisories/33917 Vendor Advisory
http://securitytracker.com/id?1021711
http://www.debian.org/security/2009/dsa-1721
http://secunia.com/advisories/33914 Vendor Advisory
http://www.eyrie.org/~eagle/software/pam-krb5/security/2009-02-11.html Vendor Advisory
http://www.securityfocus.com/bid/33740
http://www.ubuntu.com/usn/USN-719-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-252767-1
http://secunia.com/advisories/34260
http://support.avaya.com/elmodocs2/security/ASA-2009-070.htm
http://security.gentoo.org/glsa/glsa-200903-39.xml
http://secunia.com/advisories/34449
http://www.vupen.com/english/advisories/2009/0979
http://www.vupen.com/english/advisories/2009/0426
http://www.vupen.com/english/advisories/2009/0410
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5732
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5669
http://www.securityfocus.com/archive/1/500892/100/0/threaded
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:eyrie:pam-krb5:3.8:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:3.7:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:3.0:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:2.6:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:*:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:3.11:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:3.4:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:3.3:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:2.3:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:2.2:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:3.10:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:3.1:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:2.4:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:3.5:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:3.6:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:2.0:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:2.1:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:3.9:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:2.5:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:3.2:*:*:*:*:*:*:*
Information

Published : 2009-02-13 09:30

Updated : 2018-10-11 14:01

NVD link : CVE-2009-0360

Mitre link : CVE-2009-0360

JSON object : View

CWE
CWE-287

Improper Authentication

Advertisement

dedicated server usa
Products Affected

eyrie

  • pam-krb5