Lucene search
K

18 matches found

RedhatCVE
RedhatCVE
added 2015/10/30 10:13 a.m.17 views

CVE-2009-0361

Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pamsetcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, a...

4.6CVSS7AI score0.00381EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2009/06/05 12:0 a.m.26 views

Ubuntu: Security Advisory (USN-719-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.2CVSS9.6AI score0.00695EPSS
Exploits7References2
Tenable Nessus
Tenable Nessus
added 2009/04/23 12:0 a.m.31 views

Ubuntu 8.04 LTS / 8.10 : libpam-krb5 vulnerabilities (USN-719-1)

It was discovered that pamkrb5 parsed environment variables when run with setuid applications. A local attacker could exploit this flaw to bypass authentication checks and gain root privileges. CVE-2009-0360 Derek Chan discovered that pamkrb5 incorrectly handled refreshing existing credentials wh...

6.2CVSS5.7AI score0.00695EPSS
Exploits7References3
OpenVAS
OpenVAS
added 2009/03/31 12:0 a.m.32 views

Gentoo Security Advisory GLSA 200903-39 (pam_krb5)

The remote host is missing updates announced in advisory GLSA 200903-39. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

6.2CVSS0.3AI score0.00695EPSS
Exploits7
OSV
OSV
added 2009/02/13 5:30 p.m.10 views

CVE-2009-0361

Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pamsetcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, a...

6.1AI score
Exploits0References20
Debian CVE
Debian CVE
added 2009/02/13 5:0 p.m.55 views

CVE-2009-0361

Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pamsetcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, a...

4.6CVSS8.7AI score0.00381EPSS
Exploits1
CVE
CVE
added 2009/02/13 5:0 p.m.69 views

CVE-2009-0361

CVE-2009-0361 concerns pam_krb5 in libpam-krb5 and related components. Concrete details in connected documents show that pam_krb5 fails to handle pam_setcred correctly when a process runs setuid, enabling a local user to create or modify arbitrary files by setting the KRB5CCNAME environment varia...

4.6CVSS8.6AI score0.00381EPSS
Exploits1References20Affected Software1
Tenable Nessus
Tenable Nessus
added 2009/02/13 12:0 a.m.32 views

Debian DSA-1721-1 : libpam-krb5 - several vulnerabilities

Several local vulnerabilities have been discovered in the PAM module for MIT Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0360 Russ Allbery discovered that the Kerberos PAM module parsed configuration settings from environment variables...

6.2CVSS5.4AI score0.00695EPSS
Exploits7References5
OpenVAS
OpenVAS
added 2009/02/13 12:0 a.m.24 views

Debian: Security Advisory (DSA-1722-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.6CVSS9.6AI score0.00381EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2009/02/13 12:0 a.m.34 views

Debian Security Advisory DSA 1721-1 (libpam-krb5)

The remote host is missing an update to libpam-krb5 announced via advisory DSA 1721-1. OpenVAS Vulnerability Test $Id: deb17211.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1721-1 libpam-krb5 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

6.2CVSS0.7AI score0.00695EPSS
Exploits7
Ubuntu
Ubuntu
added 2009/02/12 7:12 p.m.70 views

USN-719-1: pam-krb5 vulnerabilities

It was discovered that pamkrb5 parsed environment variables when run with setuid applications. A local attacker could exploit this flaw to bypass authentication checks and gain root privileges. CVE-2009-0360 Derek Chan discovered that pamkrb5 incorrectly handled refreshing existing credentials wh...

6.2CVSS5.5AI score0.00695EPSS
Exploits7
securityvulns
securityvulns
added 2009/02/12 12:0 a.m.53 views

[SECURITY] [DSA 1722-1] New libpam-heimdal packages fix local privilege escalation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1722-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 11, 2009 http://www.debian.org/security/faq -...

4.6CVSS0.3AI score0.00381EPSS
Exploits1
securityvulns
securityvulns
added 2009/02/12 12:0 a.m.54 views

pam-krb5 security advisory (3.12 and earlier)

pam-krb5 security vulnerability Vulerability type: Local privilege escalation, local file overwrite Versions affected: All versions prior to 3.13 Versions fixed: 3.13 and later Reported: 2009-01-29 Public announcement: 2009-02-11 CVE IDs: CVE-2009-0360, CVE-2009-0361 A security vulnerability in...

6.2CVSS1.9AI score0.00695EPSS
Exploits7
Debian
Debian
added 2009/02/11 9:4 p.m.47 views

[SECURITY] [DSA 1722-1] New libpam-heimdal packages fix local privilege escalation

------------------------------------------------------------------------ Debian Security Advisory DSA-1722-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 11, 2009 http://www.debian.org/security/faq -...

4.6CVSS6AI score0.00381EPSS
Exploits1
Debian
Debian
added 2009/02/11 8:58 p.m.90 views

[SECURITY] [DSA 1721-1] New libpam-krb5 packages fix local privilege escalation

------------------------------------------------------------------------ Debian Security Advisory DSA-1721-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 11, 2009 http://www.debian.org/security/faq -...

6.2CVSS7AI score0.00695EPSS
Exploits7
OSV
OSV
added 2009/02/11 12:0 a.m.34 views

DSA-1721-1 libpam-krb5 - local privilege

Bulletin has no description...

6.2CVSS9.3AI score0.00695EPSS
Exploits7
Tenable Nessus
Tenable Nessus
added 2008/12/17 12:0 a.m.26 views

Solaris 10 (sparc) : 138371-06

SunOS 5.10: mechkrb5.so.1 patch. Date this patch was last updated by Sun : Mar/24/09 %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/10/24. C Tenable Network Security, Inc. if !...

6.2CVSS6.6AI score0.00695EPSS
Exploits7References3
Tenable Nessus
Tenable Nessus
added 2008/12/17 12:0 a.m.33 views

Solaris 10 (x86) : 138372-06

SunOS 5.10x86: mechkrb5.so.1 patch. Date this patch was last updated by Sun : Mar/24/09 %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/10/24. C Tenable Network Security, Inc. if !...

6.2CVSS6.6AI score0.00695EPSS
Exploits7References3
Rows per page
Query Builder