Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2009-02-13T17:00:00
Updated: 2018-10-11T19:57:01
Reserved: 2009-01-29T00:00:00
Link: CVE-2009-0360
NVD Information
Status: Modified
Published: 2009-02-13T17:30:00.640
Modified: 2018-10-11T21:01:24.757
Link: CVE-2009-0360