openSUSE Security Update : pam_krb5 (pam_krb5-218)

Insufficient file access permissions checks allowed users to read Kerberos tickes of other users if pamkrb5 was configured with the option 'existingticket' CVE-2008-3825. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fro...

Mandriva Update for pam_krb5 MDVSA-2008:209 (pam_krb5)

Check for the Version of pamkrb5 OpenVAS Vulnerability Test Mandriva Update for pamkrb5 MDVSA-2008:209 pamkrb5 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

RedHat Update for pam_krb5 RHSA-2008:0907-01

Check for the Version of pamkrb5 OpenVAS Vulnerability Test RedHat Update for pamkrb5 RHSA-2008:0907-01 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

RedHat Update for pam_krb5 RHSA-2008:0907-01

Check for the Version of pamkrb5 OpenVAS Vulnerability Test RedHat Update for pamkrb5 RHSA-2008:0907-01 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

openSUSE 10 Security Update : pam_krb5 (pam_krb5-5624)

Insufficient file access permissions checks allowed users to read Kerberos tickes of other users if pamkrb5 was configured with the option 'existingticket' CVE-2008-3825. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fro...

pam_krb5 privilege escalation

Privilege escalation is possible if existingticket credentials caching option is used...

[ MDVSA-2008:209 ] pam_krb5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2008:209 http://www.mandriva.com/security/ Package : pamkrb5 Date : October 3, 2008 Affected: 2007.1, 2008.0, 2008.1 Problem Description: St©phane Bertin discovered a flaw in the pamkrb5 existingticket...

pam_krb5 existing_ticket permission flaw

pamkrb5 2.2.14 in Red Hat Enterprise Linux RHEL 5 and earlier, when the existingticket option is enabled, uses incorrect privileges when reading a Kerberos credential cache, which allows local users to gain privileges by setting the KRB5CCNAME environment variable to an arbitrary cache filename a...

Moderate: Red Hat Security Advisory: pam_krb5 security update

An updated pamkrb5 package that fixes a security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The pamkrb5 module allows Pluggable Authentication Modules PAM aware applications to use...