CVE-2009-0360
Published Feb 13, 2009
Last updated 6 years ago
Overview
- Description
- Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.2
- Impact score
- 10
- Exploitability score
- 1.9
- Vector string
- AV:L/AC:H/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-287
Evaluator
- Comment
- Per vendor advisory: http://www.eyrie.org/~eagle/software/pam-krb5/security/2009-02-11.html "This advisory is only for my pam-krb5 module, as distributed from my web site and packaged by Debian, Ubuntu, and Gentoo."
- Impact
- -
- Solution
- -
Vendor comments
- Red HatNot vulnerable. This issue did not affect the versions of the pam_krb5 package, as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eyrie:pam-krb5:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "989241C8-BC2F-4DE2-BF9E-9CC64198AF5A",
"versionEndIncluding": "3.12"
},
{
"criteria": "cpe:2.3:a:eyrie:pam-krb5:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D4E491A2-9478-4462-8BCD-6DD79954C418"
},
{
"criteria": "cpe:2.3:a:eyrie:pam-krb5:2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4837527C-9618-412F-A8CB-87122CF35B71"
},
{
"criteria": "cpe:2.3:a:eyrie:pam-krb5:2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F20698B7-B13B-488C-A49F-90A4490DA0F5"
},
{
"criteria": "cpe:2.3:a:eyrie:pam-krb5:2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "81821DD4-343A-4CDE-A7A6-CA606662971C"
},
{
"criteria": "cpe:2.3:a:eyrie:pam-krb5:2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D7A629B4-55FA-418E-97FC-935B022A4F92"
},
{
"criteria": "cpe:2.3:a:eyrie:pam-krb5:2.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8B5451CD-CDCC-4D9D-A076-45E7B14EEF76"
},
{
"criteria": "cpe:2.3:a:eyrie:pam-krb5:2.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F7761042-9FFB-4235-9A34-22B91CE2CA73"
},
{
"criteria": "cpe:2.3:a:eyrie:pam-krb5:3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "633EE1E7-1B5D-4D10-BA4B-D13A15BA68B2"
},
{
"criteria": "cpe:2.3:a:eyrie:pam-krb5:3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4B6844EE-3552-429A-A3D8-9A6B6C3B2785"
},
{
"criteria": "cpe:2.3:a:eyrie:pam-krb5:3.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D9619E40-83AA-46D6-AECF-CC7FF6B1ED1B"
},
{
"criteria": "cpe:2.3:a:eyrie:pam-krb5:3.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1FF1D6C7-15E6-4DAA-92C1-C216905866B4"
},
{
"criteria": "cpe:2.3:a:eyrie:pam-krb5:3.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BB0342E5-B622-4A5E-A57F-6EAF85E268C1"
},
{
"criteria": "cpe:2.3:a:eyrie:pam-krb5:3.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B2684C7D-B266-4460-9DAD-945B4DECF57C"
},
{
"criteria": "cpe:2.3:a:eyrie:pam-krb5:3.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FDC110CB-253F-44E6-8515-FC9025EBF57F"
},
{
"criteria": "cpe:2.3:a:eyrie:pam-krb5:3.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D78AEED8-34AB-41B7-926F-6F7995253E5A"
},
{
"criteria": "cpe:2.3:a:eyrie:pam-krb5:3.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FB53833E-EB9E-4ED8-8BC5-B681BE0B2897"
},
{
"criteria": "cpe:2.3:a:eyrie:pam-krb5:3.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0FE72618-6BE5-45F3-A782-991A73C09389"
},
{
"criteria": "cpe:2.3:a:eyrie:pam-krb5:3.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "315E2FB7-EEE5-48AA-B058-F53AEA210807"
},
{
"criteria": "cpe:2.3:a:eyrie:pam-krb5:3.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A4421B50-CC46-4EA6-AACF-DBE0EE76A389"
}
],
"operator": "OR"
}
]
}
]