
Summary

Vendor: Eyrie
Product: Pam-krb5
Version: 2.3
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *

Detail

First view: 2009-02-13
Last view: 2009-05-28
Type: Application

CPE Product cpe:2.3:a:eyrie:pam-krb5


Related : CVE

  CVSS Date CVE (description follows)
5 2009-05-28 CVE-2009-1384

pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

4.6 2009-02-13 CVE-2009-0361

Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations.

6.2 2009-02-13 CVE-2009-0360

Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application.

CWE : Common Weakness Enumeration

% (count) id Name
66% (2) CWE-287 Improper Authentication
33% (1) CWE-264 Permissions, Privileges, and Access Controls

Open Source Vulnerability Database (OSVDB)

id Description
54791 pam_krb5 Login Prompt Remote Username Enumeration
54344 Russ Allbery pam-krb5 pam_setcred KRB5CCNAME Environment Variable Arbitrary F...
54343 Russ Allbery pam-krb5 Kerberos Library Initialization Subversion Local Privil...

ExploitDB Exploits

id Description
8303 pam-krb5 < 3.13 Local Privilege Escalation Exploit

OpenVAS Exploits

id Description
2012-04-16 Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates
File : nvt/gb_VMSA-2010-0009.nasl
2012-03-16 Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe...
File : nvt/gb_VMSA-2011-0003.nasl
2010-04-06 Name : RedHat Update for pam_krb5 RHSA-2010:0258-04
File : nvt/gb_RHSA-2010_0258-04_pam_krb5.nasl
2010-03-12 Name : Mandriva Update for pam_krb5 MDVSA-2010:054 (pam_krb5)
File : nvt/gb_mandriva_MDVSA_2010_054.nasl
2010-02-15 Name : Mandriva Update for cacti MDVA-2010:054 (cacti)
File : nvt/gb_mandriva_MDVA_2010_054.nasl
2009-06-30 Name : Fedora Core 11 FEDORA-2009-5983 (pam_krb5)
File : nvt/fcore_2009_5983.nasl
2009-06-30 Name : Fedora Core 10 FEDORA-2009-6255 (pam_krb5)
File : nvt/fcore_2009_6255.nasl
2009-06-30 Name : Fedora Core 9 FEDORA-2009-6279 (pam_krb5)
File : nvt/fcore_2009_6279.nasl
2009-06-05 Name : Ubuntu USN-719-1 (libpam-krb5)
File : nvt/ubuntu_719_1.nasl
2009-05-05 Name : HP-UX Update for PAM Kerberos HPSBUX02415
File : nvt/gb_hp_ux_HPSBUX02415.nasl
2009-03-31 Name : Gentoo Security Advisory GLSA 200903-39 (pam_krb5)
File : nvt/glsa_200903_39.nasl
2009-02-13 Name : Debian Security Advisory DSA 1721-1 (libpam-krb5)
File : nvt/deb_1721_1.nasl
2009-02-13 Name : Debian Security Advisory DSA 1722-1 (libpam-heimdal)
File : nvt/deb_1722_1.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2011-A-0066 Multiple Vulnerabilities in VMware Products
Severity: Category I - VMSKEY: V0027158

Nessus® Vulnerability Scanner

id Description
2016-03-08 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_VMSA-2010-0009_remote.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_VMSA-2011-0003_remote.nasl - Type: ACT_GATHER_INFO
2014-12-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-08.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing a security update.
File: sl_20100330_pam_krb5_on_SL5_x.nasl - Type: ACT_GATHER_INFO
2011-02-14 Name: The remote VMware ESXi / ESX host is missing one or more security-related pat...
File: vmware_VMSA-2011-0003.nasl - Type: ACT_GATHER_INFO
2010-06-01 Name: The remote VMware ESXi / ESX host is missing one or more security-related pat...
File: vmware_VMSA-2010-0009.nasl - Type: ACT_GATHER_INFO
2010-05-11 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2010-0258.nasl - Type: ACT_GATHER_INFO
2010-03-05 Name: The remote Mandriva Linux host is missing a security update.
File: mandriva_MDVSA-2010-054.nasl - Type: ACT_GATHER_INFO
2009-06-28 Name: The remote Fedora host is missing a security update.
File: fedora_2009-6279.nasl - Type: ACT_GATHER_INFO
2009-06-28 Name: The remote Fedora host is missing a security update.
File: fedora_2009-6255.nasl - Type: ACT_GATHER_INFO
2009-06-28 Name: The remote Fedora host is missing a security update.
File: fedora_2009-5983.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-719-1.nasl - Type: ACT_GATHER_INFO
2009-03-27 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200903-39.nasl - Type: ACT_GATHER_INFO
2009-02-13 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1721.nasl - Type: ACT_GATHER_INFO
2009-02-13 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1722.nasl - Type: ACT_GATHER_INFO
2004-07-12 Name: The remote host is missing Sun Security Patch number 112908-38
File: solaris9_112908.nasl - Type: ACT_GATHER_INFO
2004-07-12 Name: The remote host is missing Sun Security Patch number 115168-24
File: solaris9_x86_115168.nasl - Type: ACT_GATHER_INFO