6.2

CVE-2009-0360

EPSS 0.25%
Veröffentlicht 13.02.2009 17:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 21

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Eyrie ≫ Pam-krb5 Version <= 3.12

Eyrie ≫ Pam-krb5 Version2.0

Eyrie ≫ Pam-krb5 Version2.1

Eyrie ≫ Pam-krb5 Version2.2

Eyrie ≫ Pam-krb5 Version2.3

Eyrie ≫ Pam-krb5 Version2.4

Eyrie ≫ Pam-krb5 Version2.5

Eyrie ≫ Pam-krb5 Version2.6

Eyrie ≫ Pam-krb5 Version3.0

Eyrie ≫ Pam-krb5 Version3.1

Eyrie ≫ Pam-krb5 Version3.2

Eyrie ≫ Pam-krb5 Version3.3

Eyrie ≫ Pam-krb5 Version3.4

Eyrie ≫ Pam-krb5 Version3.5

Eyrie ≫ Pam-krb5 Version3.6

Eyrie ≫ Pam-krb5 Version3.7

Eyrie ≫ Pam-krb5 Version3.8

Eyrie ≫ Pam-krb5 Version3.9

Eyrie ≫ Pam-krb5 Version3.10

Eyrie ≫ Pam-krb5 Version3.11

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.48

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.2	1.9	10	AV:L/AC:H/Au:N/C:C/I:C/A:C

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://secunia.com/advisories/33914

Vendor Advisory

http://secunia.com/advisories/33917

Vendor Advisory

http://secunia.com/advisories/34260

http://secunia.com/advisories/34449

http://security.gentoo.org/glsa/glsa-200903-39.xml

http://securitytracker.com/id?1021711

http://sunsolve.sun.com/search/document.do?assetkey=1-66-252767-1

http://support.avaya.com/elmodocs2/security/ASA-2009-070.htm

http://www.debian.org/security/2009/dsa-1721

http://www.eyrie.org/~eagle/software/pam-krb5/security/2009-02-11.html

Vendor Advisory

http://www.securityfocus.com/archive/1/500892/100/0/threaded

http://www.securityfocus.com/bid/33740

http://www.ubuntu.com/usn/USN-719-1

http://www.vupen.com/english/advisories/2009/0410

http://www.vupen.com/english/advisories/2009/0426

http://www.vupen.com/english/advisories/2009/0979

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5669

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5732

https://nvd.nist.gov/vuln/detail/CVE-2009-0360

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-0360

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-0360

EUVD