4.4

CVE-2008-3825

EPSS 0.05%
Published 03.10.2008 15:07:10
Last modified 09.04.2025 00:30:58
Source secalert@redhat.com
Teams watchlist Login
Open Login

pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when the existing_ticket option is enabled, uses incorrect privileges when reading a Kerberos credential cache, which allows local users to gain privileges by setting the KRB5CCNAME environment variable to an arbitrary cache filename and running the (1) su or (2) sudo program. NOTE: there may be a related vector involving sshd that has limited relevance.

Affected products Warnungen 0 Metrics 2 CWE 0 References 19

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Enterprise Linux Version5 Updateunknown Editionserver

Redhat ≫ Enterprise Linux Desktop Version5 Updateunknown Editionclient

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.167

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.4	3.4	6.4	AV:L/AC:M/Au:N/C:P/I:P/A:P

http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html

http://www.securityfocus.com/archive/1/516397/100/0/threaded

http://www.vmware.com/security/advisories/VMSA-2011-0003.html

http://secunia.com/advisories/32119

http://secunia.com/advisories/32135

http://secunia.com/advisories/32174

http://secunia.com/advisories/43314

http://www.mandriva.com/security/advisories?name=MDVSA-2008:209

http://www.redhat.com/support/errata/RHSA-2008-0907.html

http://www.securityfocus.com/bid/31534

http://www.securitytracker.com/id?1020978

https://bugzilla.redhat.com/show_bug.cgi?id=461960

https://exchange.xforce.ibmcloud.com/vulnerabilities/45635

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10923

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00150.html

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00166.html

https://nvd.nist.gov/vuln/detail/CVE-2008-3825

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-3825

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-3825

EUVD