CVE-2009-0361

by Fred · 13/02/2009

Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations.

Date published : 2009-02-13

http://www.securityfocus.com/bid/33741

http://www.securityfocus.com/archive/1/500892/100/0/threaded

CVE-2009-0361

Similar

Recent Posts

Categories

CVE-2009-0361

Share this:

Similar

Recent Posts

Categories

Tags