|
pam-krb5 File Overwrite and Privilege Escalation
|
|
Secunia Advisory:
|
SA33914
|
|
|
Release Date:
|
2009-02-12
|
|
Popularity:
|
2,102 views
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Manipulation of data
Privilege escalation
|
|
Where:
|
Local system
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | pam-krb5 3.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
Some vulnerabilities have been reported in pam-krb5, which can be exploited by malicious, local users to overwrite files and to gain escalated privileges.
1) An error exists due to pam-krb5 not using the correct API for initialising the Kerberos libraries in a setuid context. This can be exploited to bypass authentication checks in setuid applications that use PAM for authentication by specifying the Kerberos configuration via environment variables.
2) An error exists in "pam_setcred" when being invoked with "PAM_REINITIALIZE_CREDS" or "PAM_REFRESH_CREDS" by a setuid application without first calling "PAM_ESTABLISH_CREDS" or dropping privileges (e.g. "su" in Solaris 10). This can be exploited to overwrite and chown a file specified via the "KRB5CCNAME" environment variable.
The vulnerabilities are reported in versions prior to 3.13.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
