Ubuntu 8.04 LTS / 8.10 : libpam-krb5 vulnerabilities (USN-719-1)

It was discovered that pamkrb5 parsed environment variables when run with setuid applications. A local attacker could exploit this flaw to bypass authentication checks and gain root privileges. CVE-2009-0360 Derek Chan discovered that pamkrb5 incorrectly handled refreshing existing credentials wh...

Mandriva Linux Security Advisory : kdelibs (MDVSA-2008:097)

A vulnerability was found in startkdeinit in KDE 3.5.5 through 3.5.9 where, if it was installed setuid root, it could allow local users to cause a denial of service or possibly execute arbitrary code CVE-2008-1671. By default, startkdeinit is not installed setuid root on Mandriva Linux, however...

CVE-2009-1337

The exitnotify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAPKILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exitsignal field and then uses an exec system...

Design/Logic Flaw

The exitnotify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAPKILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exitsignal field and then uses an exec system...

CVE-2009-1337

The exitnotify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAPKILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exitsignal field and then uses an exec system...

CVE-2009-1337

The exitnotify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAPKILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exitsignal field and then uses an exec system...

udev Netlink Message Validation Local Privilege Escalation Vulnerability

Description The 'udev' Linux application is prone to a local privilege-escalation vulnerability because it fails to properly handle netlink messages. Local attackers may exploit this issue to gain elevated privileges, which may lead to a complete compromise of the system. Versions prior to udev 1...

Mandriva Update for openafs MDKSA-2007:066 (openafs)

Check for the Version of openafs OpenVAS Vulnerability Test Mandriva Update for openafs MDKSA-2007:066 openafs Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

Mandriva Update for autofs MDVSA-2008:009-1 (autofs)

Check for the Version of autofs OpenVAS Vulnerability Test Mandriva Update for autofs MDVSA-2008:009-1 autofs Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

Mandriva Update for util-linux MDKSA-2007:198 (util-linux)

Check for the Version of util-linux OpenVAS Vulnerability Test Mandriva Update for util-linux MDKSA-2007:198 util-linux Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...

pam-krb5 < 3.13 Local Privilege Escalation Exploit

No description provided by source. / cve-2009-0360.c pam-krb5 3.13 local privilege escalation Jon Oberheide [email protected] http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0360 pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly...

pam-krb5 3.13 - Local Privilege Escalation

pam-krb5 3.13 - Local Privilege Escalation / cve-2009-0360.c pam-krb5 http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0360 pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which...

pam-krb5 < 3.13 - Local Privilege Escalation

/ cve-2009-0360.c pam-krb5 http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0360 pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by...

pam-krb5 < 3.13 Local Privilege Escalation Exploit

Exploit for linux platform in category local exploits ================================================== pam-krb5 3.13 Local Privilege Escalation Exploit ================================================== / cve-2009-0360.c pam-krb5 3.13 local privilege escalation Information:...

GLSA-200903-39 : pam_krb5: Privilege escalation

The remote host is affected by the vulnerability described in GLSA-200903-39 pamkrb5: Privilege escalation The following vulnerabilities were discovered: pamkrb5 does not properly initialize the Kerberos libraries for setuid use CVE-2009-0360. Derek Chan reported that calls to pamsetcred are not...

pam_krb5: Privilege escalation

Background pamkrb5 is a a Kerberos v5 PAM module. Description The following vulnerabilities were discovered: pamkrb5 does not properly initialize the Kerberos libraries for setuid use CVE-2009-0360. Derek Chan reported that calls to pamsetcred are not properly handled when running setuid...

Ubuntu Update for linux-source-2.6.15 vulnerabilities USN-508-1

Ubuntu Update for Linux kernel vulnerabilities USN-508-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN5081.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for linux-source-2.6.15 vulnerabilities USN-508-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

Ubuntu: Security Advisory (USN-508-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu Update for linux-source-2.6.17 vulnerabilities USN-509-1

Ubuntu Update for Linux kernel vulnerabilities USN-509-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN5091.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for linux-source-2.6.17 vulnerabilities USN-509-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

Ubuntu: Security Advisory (USN-509-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...