pam-krb5 vulnerabilities

2009-02-12T00:00:00
ID USN-719-1
Type ubuntu
Reporter Ubuntu
Modified 2009-02-12T00:00:00

Description

It was discovered that pam_krb5 parsed environment variables when run with setuid applications. A local attacker could exploit this flaw to bypass authentication checks and gain root privileges. (CVE-2009-0360)

Derek Chan discovered that pam_krb5 incorrectly handled refreshing existing credentials when used with setuid applications. A local attacker could exploit this to create or overwrite arbitrary files, and possibly gain root privileges. (CVE-2009-0361)