
libpam-krb5: multiple vulnerabilities

Package(s): libpam-krb5
CVE #(s): CVE-2009-0360, CVE-2009-0361
Created: February 12, 2009
Updated: March 26, 2009
Description: Two vulnerabilities have been found in the Kerberos PAM module. From the Debian alert:

CVE-2009-0360: Russ Allbery discovered that the Kerberos PAM module parsed configuration settings from environment variables when run from a setuid context. This could lead to local privilege escalation if an attacker points a setuid program using PAM authentication to a Kerberos setup under her control.

CVE-2009-0361: Derek Chan discovered that the Kerberos PAM module allows reinitialisation of user credentials when run from a setuid context, resulting in potential local denial of service by overwriting the credential cache file or to privilege escalation.
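
A defensive pattern for the two issues quoted above, as an added example that is not pam-krb5's code or its actual fix: ignore environment-supplied configuration and refuse credential reinitialisation when the real and effective ids differ. `KRB5_CONFIG` and `/etc/krb5.conf` are illustrative choices (the page does not name the variables involved), and `constructed_env` and the other function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Real and effective ids of the process the PAM module is loaded into. */
struct ids { uid_t ruid, euid; gid_t rgid, egid; };

struct ids current_ids(void) {
    struct ids i = { getuid(), geteuid(), getgid(), getegid() };
    return i;
}

/* Set-id context: the environment was written by a less privileged caller. */
int is_setid(struct ids i) { return i.ruid != i.euid || i.rgid != i.egid; }

typedef char *(*env_fn)(const char *);   /* same shape as getenv() */

/* Constructed stand-in for a caller-controlled environment (sample data). */
char *constructed_env(const char *name) {
    return strcmp(name, "KRB5_CONFIG") == 0 ? "/tmp/constructed-krb5.conf" : NULL;
}

/* Honour the environment override only outside a set-id context
   (assumed variable name and fallback path, see lead-in). */
const char *pick_config(struct ids i, env_fn lookup, const char *fallback) {
    const char *v = is_setid(i) ? NULL : lookup("KRB5_CONFIG");
    return (v && *v) ? v : fallback;
}

/* Hypothetical policy for the second issue: no credential reinitialisation,
   and so no credential cache overwrite, when running set-id. */
int may_reinit_creds(struct ids i) { return !is_setid(i); }

int main(void) {
    struct ids me = current_ids();
    printf("config: %s\n", pick_config(me, getenv, "/etc/krb5.conf"));
    printf("reinit allowed: %d\n", may_reinit_creds(me));
    return 0;
}
```

Comparing real and effective ids misses a program that has already equalised them before loading the module; on glibc, `secure_getenv()` bases the same decision on the kernel's `AT_SECURE` flag instead.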

Alerts:
Gentoo 201412-08 insight, perl-tk, sourcenav, tk, partimage, bitdefender-console, mlmmj, acl, xinit, gzip, ncompress, liblzw, splashutils, m4, kdm, gtk+, kget, dvipng, beanstalkd, pmount, pam_krb5, gv, lftp, uzbl, slim, iputils, dvbstreamer 2014-12-11
Gentoo 200903-39 pam_krb5 2009-03-25
Ubuntu USN-719-1 libpam-krb5 2009-02-12
Debian DSA-1722-1 libpam-heimdal 2009-02-11
Debian DSA-1721-1 libpam-krb5 2009-02-11
