CVE-2009-0361
published 2009-02-13CVE-2009-0361: Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running…
PriorityP419medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EPSS
0.38%
29.9th percentile
Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libpam-krb5 | < libpam-krb5 3.13-2 (bookworm) | libpam-krb5 3.13-2 (bookworm) |
| eyrie | pam-krb5 | <= 3.12 | — |
| eyrie | pam-krb5 | — | — |
| eyrie | pam-krb5 | — | — |
| eyrie | pam-krb5 | — | — |
| eyrie | pam-krb5 | — | — |
| eyrie | pam-krb5 | — | — |
| eyrie | pam-krb5 | — | — |
| eyrie | pam-krb5 | — | — |
| eyrie | pam-krb5 | — | — |
| eyrie | pam-krb5 | — | — |
| eyrie | pam-krb5 | — | — |
| eyrie | pam-krb5 | — | — |
| eyrie | pam-krb5 | — | — |
CVSS provenance
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
osv4.6MEDIUM
vendor_ubuntu6.2MEDIUM
vendor_debian4.6MEDIUM
vendor_redhat4.6MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
pam-krb5 vulnerabilities
vendor_ubuntu·2009-02-12·CVSS 6.2
CVE-2009-0360 [MEDIUM] pam-krb5 vulnerabilities
Title: pam-krb5 vulnerabilities
Summary: pam-krb5 vulnerabilities
It was discovered that pam_krb5 parsed environment variables when run with
setuid applications. A local attacker could exploit this flaw to bypass
authentication checks and gain root privileges. (CVE-2009-0360)
Derek Chan discovered that pam_krb5 incorrectly handled refreshing existing
credentials when used with setuid applications. A local attacker could exploit
this to create or overwrite arbitrary files, and possibly gain root privileges.
(CVE-2009-0361)
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Debian
CVE-2009-0361: libpam-krb5 - Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, ...
vendor_debian·2009·CVSS 4.6
CVE-2009-0361 [MEDIUM] CVE-2009-0361: libpam-krb5 - Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, ...
Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations.
Scope: local
bookworm: resolved (fixed in 3.13-2)
bullseye: resolved (fixed in 3.13-2)
forky: resolved (fixed in 3.13-2)
sid: resolved (fixed in 3.13-2)
trixie: resolved (fixed in 3.13-2)
Red Hat
CVE-2009-0361: Russ Allbery pam-krb5 before 3
vendor_redhat·CVSS 4.6
CVE-2009-0361 [MEDIUM] CVE-2009-0361: Russ Allbery pam-krb5 before 3
Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations.
Statement: Not vulnerable. This issue did not affect the versions of the pam_krb5 package, as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
GHSA
GHSA-rcf3-vv2f-fwg2: Russ Allbery pam-krb5 before 3
ghsa_unreviewed·2022-05-02
CVE-2009-0361 [MEDIUM] GHSA-rcf3-vv2f-fwg2: Russ Allbery pam-krb5 before 3
Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations.
OSV
CVE-2009-0361: Russ Allbery pam-krb5 before 3
osv·2009-02-13·CVSS 4.6
CVE-2009-0361 [MEDIUM] CVE-2009-0361: Russ Allbery pam-krb5 before 3
Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/33914http://secunia.com/advisories/33917http://secunia.com/advisories/33918http://secunia.com/advisories/34260http://secunia.com/advisories/34449http://security.gentoo.org/glsa/glsa-200903-39.xmlhttp://securitytracker.com/id?1021711http://sunsolve.sun.com/search/document.do?assetkey=1-66-252767-1http://support.avaya.com/elmodocs2/security/ASA-2009-070.htmhttp://www.debian.org/security/2009/dsa-1721http://www.debian.org/security/2009/dsa-1722http://www.eyrie.org/~eagle/software/pam-krb5/security/2009-02-11.htmlhttp://www.securityfocus.com/archive/1/500892/100/0/threadedhttp://www.securityfocus.com/bid/33741http://www.ubuntu.com/usn/USN-719-1http://www.vupen.com/english/advisories/2009/0410http://www.vupen.com/english/advisories/2009/0426http://www.vupen.com/english/advisories/2009/0979https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5403https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5521http://secunia.com/advisories/33914http://secunia.com/advisories/33917http://secunia.com/advisories/33918http://secunia.com/advisories/34260http://secunia.com/advisories/34449http://security.gentoo.org/glsa/glsa-200903-39.xmlhttp://securitytracker.com/id?1021711http://sunsolve.sun.com/search/document.do?assetkey=1-66-252767-1http://support.avaya.com/elmodocs2/security/ASA-2009-070.htmhttp://www.debian.org/security/2009/dsa-1721http://www.debian.org/security/2009/dsa-1722http://www.eyrie.org/~eagle/software/pam-krb5/security/2009-02-11.htmlhttp://www.securityfocus.com/archive/1/500892/100/0/threadedhttp://www.securityfocus.com/bid/33741http://www.ubuntu.com/usn/USN-719-1http://www.vupen.com/english/advisories/2009/0410http://www.vupen.com/english/advisories/2009/0426http://www.vupen.com/english/advisories/2009/0979https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5403https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5521
2009-02-13
Published