17 matches found
Ubuntu: Security Advisory (USN-719-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 8.04 LTS / 8.10 : libpam-krb5 vulnerabilities (USN-719-1)
It was discovered that pamkrb5 parsed environment variables when run with setuid applications. A local attacker could exploit this flaw to bypass authentication checks and gain root privileges. CVE-2009-0360 Derek Chan discovered that pamkrb5 incorrectly handled refreshing existing credentials wh...
Gentoo Security Advisory GLSA 200903-39 (pam_krb5)
The remote host is missing updates announced in advisory GLSA 200903-39. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
pam-krb5 3.13 - Local Privilege Escalation
pam-krb5 3.13 - Local Privilege Escalation / cve-2009-0360.c pam-krb5 http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0360 pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which...
pam-krb5 < 3.13 Local Privilege Escalation Exploit
Exploit for linux platform in category local exploits ================================================== pam-krb5 3.13 Local Privilege Escalation Exploit ================================================== / cve-2009-0360.c pam-krb5 3.13 local privilege escalation Information:...
CVE-2009-0360
Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid...
CVE-2009-0360
Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid...
CVE-2009-0360
CVE-2009-0360 affects the PAM Kerberos library (pam-krb5) when linked against MIT Kerberos, where improper initialization for setuid use allows a local attacker to gain privileges by pointing an environment variable to a modified Kerberos config file and launching a PAM-based setuid application. ...
CVE-2009-0360
Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid...
Debian DSA-1721-1 : libpam-krb5 - several vulnerabilities
Several local vulnerabilities have been discovered in the PAM module for MIT Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0360 Russ Allbery discovered that the Kerberos PAM module parsed configuration settings from environment variables...
Debian Security Advisory DSA 1721-1 (libpam-krb5)
The remote host is missing an update to libpam-krb5 announced via advisory DSA 1721-1. OpenVAS Vulnerability Test $Id: deb17211.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1721-1 libpam-krb5 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...
USN-719-1: pam-krb5 vulnerabilities
It was discovered that pamkrb5 parsed environment variables when run with setuid applications. A local attacker could exploit this flaw to bypass authentication checks and gain root privileges. CVE-2009-0360 Derek Chan discovered that pamkrb5 incorrectly handled refreshing existing credentials wh...
pam-krb5 security advisory (3.12 and earlier)
pam-krb5 security vulnerability Vulerability type: Local privilege escalation, local file overwrite Versions affected: All versions prior to 3.13 Versions fixed: 3.13 and later Reported: 2009-01-29 Public announcement: 2009-02-11 CVE IDs: CVE-2009-0360, CVE-2009-0361 A security vulnerability in...
[SECURITY] [DSA 1721-1] New libpam-krb5 packages fix local privilege escalation
------------------------------------------------------------------------ Debian Security Advisory DSA-1721-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 11, 2009 http://www.debian.org/security/faq -...
DSA-1721-1 libpam-krb5 - local privilege
Bulletin has no description...
Solaris 10 (sparc) : 138371-06
SunOS 5.10: mechkrb5.so.1 patch. Date this patch was last updated by Sun : Mar/24/09 %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/10/24. C Tenable Network Security, Inc. if !...
Solaris 10 (x86) : 138372-06
SunOS 5.10x86: mechkrb5.so.1 patch. Date this patch was last updated by Sun : Mar/24/09 %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/10/24. C Tenable Network Security, Inc. if !...