6.5 Medium
AI Score
Confidence
Low
4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
8.3%
pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when the existing_ticket option is enabled, uses incorrect privileges when reading a Kerberos credential cache, which allows local users to gain privileges by setting the KRB5CCNAME environment variable to an arbitrary cache filename and running the (1) su or (2) sudo program. NOTE: there may be a related vector involving sshd that has limited relevance.
CPE | Name | Operator | Version |
---|---|---|---|
enterprise_linux | eq | 5 unknown-server | |
enterprise_linux_desktop | eq | 5 unknown-client |
lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
secunia.com/advisories/32119
secunia.com/advisories/32135
secunia.com/advisories/32174
secunia.com/advisories/43314
www.mandriva.com/security/advisories?name=MDVSA-2008:209
www.redhat.com/support/errata/RHSA-2008-0907.html
www.securityfocus.com/archive/1/516397/100/0/threaded
www.securityfocus.com/bid/31534
www.securitytracker.com/id?1020978
www.vmware.com/security/advisories/VMSA-2011-0003.html
bugzilla.redhat.com/show_bug.cgi?id=461960
exchange.xforce.ibmcloud.com/vulnerabilities/45635
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10923
www.redhat.com/archives/fedora-package-announce/2008-October/msg00150.html
www.redhat.com/archives/fedora-package-announce/2008-October/msg00166.html