Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2009-0360 | First vendor Publication | 2009-02-13 |
Vendor | Cve | Last vendor Modification | 2018-10-11 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:H/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | High |
Cvss Exploit Score | 1.9 | Authentication | None Required |
Detail
Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application.
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0360
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-287 | Improper Authentication |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5732 | |||
Oval ID: | oval:org.mitre.oval:def:5732 | ||
Title: | A Security Vulnerability in the Solaris Kerberos PAM Module May Allow Use of a User Specified Kerberos Configuration File, Leading to Escalation of Privileges | ||
Description: | Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0360 | Version: | 1 |
Platform(s): | Sun Solaris 8, Sun Solaris 9, Sun Solaris 10 | Product(s): | |
ExploitDB Exploits
id | Description |
---|---|
2009-03-29 | pam-krb5 < 3.13 Local Privilege Escalation Exploit |
OpenVAS Exploits
Date | Description |
---|---|
2009-06-05 | Name : Ubuntu USN-719-1 (libpam-krb5) File : nvt/ubuntu_719_1.nasl |
2009-05-05 | Name : HP-UX Update for PAM Kerberos HPSBUX02415 File : nvt/gb_hp_ux_HPSBUX02415.nasl |
2009-03-31 | Name : Gentoo Security Advisory GLSA 200903-39 (pam_krb5) File : nvt/glsa_200903_39.nasl |
2009-02-13 | Name : Debian Security Advisory DSA 1721-1 (libpam-krb5) File : nvt/deb_1721_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
54343 | Russ Allbery pam-krb5 Kerberos Library Initialization Subversion Local Privil... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-08.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-719-1.nasl - Type : ACT_GATHER_INFO |
2009-03-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200903-39.nasl - Type : ACT_GATHER_INFO |
2009-02-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1721.nasl - Type : ACT_GATHER_INFO |
2009-02-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1722.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 112908-38 File : solaris9_112908.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 115168-24 File : solaris9_x86_115168.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2021-05-04 12:09:05 | |
2021-04-22 01:09:26 | |
2020-05-23 01:39:59 | |
2020-05-23 00:23:17 | |
2018-10-12 00:20:36 | |
2017-09-29 09:24:03 | |
2016-04-26 18:35:54 | |
2014-12-16 13:24:29 | |
2014-02-17 10:48:38 | |
2013-05-10 23:43:18 | |