Launchpad.net

CVE 2009-0361

Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations.

Related bugs and status

CVE-2009-0361 (Candidate) is related to these bugs:

Bug #227531: pam_krb5 should use syslog with facility LOG_AUTH

Summary				In	Importance	Status
	227531	pam_krb5 should use syslog with facility LOG_AUTH		libpam-krb5 (Ubuntu)	Undecided	Fix Released
	227531	pam_krb5 should use syslog with facility LOG_AUTH		libpam-krb5 (Ubuntu Hardy)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.eyrie.org/~...
DEBIAN: DSA-1721
DEBIAN: DSA-1722
UBUNTU: USN-719-1
BID: 33741
SECTRACK: 1021711
SECUNIA: 33914
SECUNIA: 33917
SECUNIA: 33918
SUNALERT: 252767
CONFIRM: http://support.avaya.c...
SECUNIA: 34260
GENTOO: GLSA-200903-39
SECUNIA: 34449
VUPEN: ADV-2009-0979
VUPEN: ADV-2009-0410
VUPEN: ADV-2009-0426
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20090211 pam-krb5 secu...