5 matches found
Ubuntu 16.04 LTS / 18.04 LTS : pam-krb5 vulnerability (USN-4314-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4314-1 advisory. Russ Allbery discovered that pam-krb5 incorrectly handled some responses. An attacker could possibly use this issue to execute arbitrary code. Tenable...
CVE-2009-0361
Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, a...
CVE-2009-0360
CVE-2009-0360 affects the PAM Kerberos library (pam-krb5) when linked against MIT Kerberos, where improper initialization for setuid use allows a local attacker to gain privileges by pointing an environment variable to a modified Kerberos config file and launching a PAM-based setuid application. ...
Debian DSA-1721-1 : libpam-krb5 - several vulnerabilities
Several local vulnerabilities have been discovered in the PAM module for MIT Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0360 Russ Allbery discovered that the Kerberos PAM module parsed configuration settings from environment variables...
Debian Security Advisory DSA 1109-1 (rssh)
The remote host is missing an update to rssh announced via advisory DSA 1109-1. Russ Allbery discovered that rssh, a restricted shell, performs insufficient checking of incoming commands, which might lead to a bypass of access restrictions. OpenVAS Vulnerability Test $Id: deb11091.nasl 6616...