SSHD-Poison - A Tool To Get Creds Of Pam Based SSHD Authentication

sshd-poison is a tool to get creds of pam based sshd authentication, this is not the easiest way to do that you can create a pam module, or just add auth optional pamexec.so quiet exposeauthtok /bin/bash -c read,-r,x;echo,-e,"env\n$x"somefile in a service configuration, not even the stealthiest t...

CVE-2017-10615

A vulnerability in the pluggable authentication module PAM of Juniper Networks Junos OS may allow an unauthenticated network based attacker to potentially execute arbitrary code or crash daemons such as telnetd or sshd that make use of PAM. Affected Juniper Networks Junos OS releases are: 14.1 fr...

pam-krb5 < 3.13 Local Privilege Escalation Exploit

No description provided by source. / cve-2009-0360.c pam-krb5 3.13 local privilege escalation Jon Oberheide [email protected] http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0360 pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly...

pam-krb5 3.13 - Local Privilege Escalation

pam-krb5 3.13 - Local Privilege Escalation / cve-2009-0360.c pam-krb5 http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0360 pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which...

pam-krb5 < 3.13 - Local Privilege Escalation

/ cve-2009-0360.c pam-krb5 http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0360 pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by...

pam-krb5 < 3.13 Local Privilege Escalation Exploit

Exploit for linux platform in category local exploits ================================================== pam-krb5 3.13 Local Privilege Escalation Exploit ================================================== / cve-2009-0360.c pam-krb5 3.13 local privilege escalation Information:...

GLSA-200903-39 : pam_krb5: Privilege escalation

The remote host is affected by the vulnerability described in GLSA-200903-39 pamkrb5: Privilege escalation The following vulnerabilities were discovered: pamkrb5 does not properly initialize the Kerberos libraries for setuid use CVE-2009-0360. Derek Chan reported that calls to pamsetcred are not...

pam_krb5: Privilege escalation

Background pamkrb5 is a a Kerberos v5 PAM module. Description The following vulnerabilities were discovered: pamkrb5 does not properly initialize the Kerberos libraries for setuid use CVE-2009-0360. Derek Chan reported that calls to pamsetcred are not properly handled when running setuid...

CVE-2009-0360

Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid...