18 matches found
CVE-2009-0361
Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pamsetcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, a...
Ubuntu: Security Advisory (USN-719-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 8.04 LTS / 8.10 : libpam-krb5 vulnerabilities (USN-719-1)
It was discovered that pamkrb5 parsed environment variables when run with setuid applications. A local attacker could exploit this flaw to bypass authentication checks and gain root privileges. CVE-2009-0360 Derek Chan discovered that pamkrb5 incorrectly handled refreshing existing credentials wh...
Gentoo Security Advisory GLSA 200903-39 (pam_krb5)
The remote host is missing updates announced in advisory GLSA 200903-39. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
CVE-2009-0361
Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pamsetcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, a...
CVE-2009-0361
Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pamsetcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, a...
CVE-2009-0361
CVE-2009-0361 concerns pam_krb5 in libpam-krb5 and related components. Concrete details in connected documents show that pam_krb5 fails to handle pam_setcred correctly when a process runs setuid, enabling a local user to create or modify arbitrary files by setting the KRB5CCNAME environment varia...
Debian DSA-1721-1 : libpam-krb5 - several vulnerabilities
Several local vulnerabilities have been discovered in the PAM module for MIT Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0360 Russ Allbery discovered that the Kerberos PAM module parsed configuration settings from environment variables...
Debian: Security Advisory (DSA-1722-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian Security Advisory DSA 1721-1 (libpam-krb5)
The remote host is missing an update to libpam-krb5 announced via advisory DSA 1721-1. OpenVAS Vulnerability Test $Id: deb17211.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1721-1 libpam-krb5 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...
USN-719-1: pam-krb5 vulnerabilities
It was discovered that pamkrb5 parsed environment variables when run with setuid applications. A local attacker could exploit this flaw to bypass authentication checks and gain root privileges. CVE-2009-0360 Derek Chan discovered that pamkrb5 incorrectly handled refreshing existing credentials wh...
[SECURITY] [DSA 1722-1] New libpam-heimdal packages fix local privilege escalation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1722-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 11, 2009 http://www.debian.org/security/faq -...
pam-krb5 security advisory (3.12 and earlier)
pam-krb5 security vulnerability Vulerability type: Local privilege escalation, local file overwrite Versions affected: All versions prior to 3.13 Versions fixed: 3.13 and later Reported: 2009-01-29 Public announcement: 2009-02-11 CVE IDs: CVE-2009-0360, CVE-2009-0361 A security vulnerability in...
[SECURITY] [DSA 1722-1] New libpam-heimdal packages fix local privilege escalation
------------------------------------------------------------------------ Debian Security Advisory DSA-1722-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 11, 2009 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1721-1] New libpam-krb5 packages fix local privilege escalation
------------------------------------------------------------------------ Debian Security Advisory DSA-1721-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 11, 2009 http://www.debian.org/security/faq -...
DSA-1721-1 libpam-krb5 - local privilege
Bulletin has no description...
Solaris 10 (sparc) : 138371-06
SunOS 5.10: mechkrb5.so.1 patch. Date this patch was last updated by Sun : Mar/24/09 %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/10/24. C Tenable Network Security, Inc. if !...
Solaris 10 (x86) : 138372-06
SunOS 5.10x86: mechkrb5.so.1 patch. Date this patch was last updated by Sun : Mar/24/09 %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/10/24. C Tenable Network Security, Inc. if !...