Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Gentoo: GLSA 200903-39 High: pam_krb5 Privilege Escalation Threat

gentoo
Calendar Grey March 25, 2009
Dist Gentoo Esm H88
Uncover serious pam_krb5 security flaws in Gentoo leading to local privilege escalation and unauthorized file modification.
Two vulnerabilities in pam_krb5 might allow local users to elevate their privileges or overwrite arbitrary files.

Summary

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gentoo Linux Security Advisory                           GLSA 200903-39
                                            https://security.gentoo.org/

  Severity: High
     Title: pam_krb5: Privilege escalation
      Date: March 25, 2009
      Bugs: #257075
        ID: 200903-39


Synopsis
=======
Two vulnerabilities in pam_krb5 might allow local users to elevate
their privileges or overwrite arbitrary files.

Background
=========
pam_krb5 is a a Kerberos v5 PAM module.

Affected packages
================
    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  sys-auth/pam_krb5       < 3.12                            >= 3.12

==========
The following vulnerabilities were discovered:

* pam_krb5 does not properly initialize the Kerberos libraries for
  setuid use (CVE-2009-0360).

* Derek C...
Read the Full Advisory
Topics%20covered

Topics Covered

security advisory high severity privilege escalation local attack gentoo linux pam_krb5

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Topics%20covered

Topics Covered

security advisory high severity privilege escalation local attack gentoo linux pam_krb5

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here