Recent vulnerabilities discovered in libpam-krb5 permit local users to evade authentication processes, potentially obtaining root access on Ubuntu systems.
It was discovered that pam_krb5 parsed environment variables when run with setuid applications