4.4

CVE-2008-3825

EPSS 0.05%
Veröffentlicht 03.10.2008 15:07:10
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when the existing_ticket option is enabled, uses incorrect privileges when reading a Kerberos credential cache, which allows local users to gain privileges by setting the KRB5CCNAME environment variable to an arbitrary cache filename and running the (1) su or (2) sudo program. NOTE: there may be a related vector involving sshd that has limited relevance.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 19

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Enterprise Linux Version5 Updateunknown Editionserver

Redhat ≫ Enterprise Linux Desktop Version5 Updateunknown Editionclient

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.167

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.4	3.4	6.4	AV:L/AC:M/Au:N/C:P/I:P/A:P

http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html

http://www.securityfocus.com/archive/1/516397/100/0/threaded

http://www.vmware.com/security/advisories/VMSA-2011-0003.html

http://secunia.com/advisories/32119

http://secunia.com/advisories/32135

http://secunia.com/advisories/32174

http://secunia.com/advisories/43314

http://www.mandriva.com/security/advisories?name=MDVSA-2008:209

http://www.redhat.com/support/errata/RHSA-2008-0907.html

http://www.securityfocus.com/bid/31534

http://www.securitytracker.com/id?1020978

https://bugzilla.redhat.com/show_bug.cgi?id=461960

https://exchange.xforce.ibmcloud.com/vulnerabilities/45635

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10923

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00150.html

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00166.html

https://nvd.nist.gov/vuln/detail/CVE-2008-3825

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-3825

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-3825

EUVD