4.6 - CVE-2009-0361

Executive Summary

Informations
Name	CVE-2009-0361	First vendor Publication	2009-02-13
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	4.6	Attack Range	Local
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	3.9	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0361

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-264	Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13544

Oval ID:	oval:org.mitre.oval:def:13544
Title:	DSA-1722-1 libpam-heimdal -- programming error
Description:	Derek Chan discovered that the PAM module for the Heimdal Kerberos implementation allows reinitialisation of user credentials when run from a setuid context, resulting in potential local denial of service by overwriting the credential cache file or to local privilege escalation. For the stable distribution, this problem has been fixed in version 2.5-1etch1. For the upcoming stable distribution, this problem has been fixed in version 3.10-2.1. For the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your libpam-heimdal package.
Family:	unix	Class:	patch
Reference(s):	DSA-1722-1 CVE-2009-0361	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	libpam-heimdal
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is ia64 AND Installed architecture is mips AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND libpam-heimdal DPKG is earlier than 2.5-1etch1

Definition Id: oval:org.mitre.oval:def:13723

Oval ID:	oval:org.mitre.oval:def:13723
Title:	DSA-1721-1 libpam-krb5 -- several
Description:	Several local vulnerabilities have been discovered in the PAM module for MIT Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0360 Russ Allbery discovered that the Kerberos PAM module parsed configuration settings from enviromnent variables when run from a setuid context. This could lead to local privilege escalation if an attacker points a setuid program using PAM authentication to a Kerberos setup under her control. CVE-2009-0361 Derek Chan discovered that the Kerberos PAM module allows reinitialisation of user credentials when run from a setuid context, resulting in potential local denial of service by overwriting the credential cache file or to privilege escalation. For the stable distribution, these problems have been fixed in version 2.6-1etch1. For the upcoming stable distribution, these problems have been fixed in version 3.11-4. For the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your libpam-krb5 package.
Family:	unix	Class:	patch
Reference(s):	DSA-1721-1 CVE-2009-0360 CVE-2009-0361	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	libpam-krb5
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND libpam-krb5 DPKG is earlier than 2.6-1etch1

Definition Id: oval:org.mitre.oval:def:13801

Oval ID:	oval:org.mitre.oval:def:13801
Title:	USN-719-1 -- libpam-krb5 vulnerabilities
Description:	It was discovered that pam_krb5 parsed environment variables when run with setuid applications. A local attacker could exploit this flaw to bypass authentication checks and gain root privileges. Derek Chan discovered that pam_krb5 incorrectly handled refreshing existing credentials when used with setuid applications. A local attacker could exploit this to create or overwrite arbitrary files, and possibly gain root privileges
Family:	unix	Class:	patch
Reference(s):	USN-719-1 CVE-2009-0360 CVE-2009-0361	Version:	5
Platform(s):	Ubuntu 8.10 Ubuntu 8.04	Product(s):	libpam-krb5
Definition Synopsis:
Release section Ubuntu 8.10 is installed AND Supported architectures section Installed architecture is sparc AND Installed architecture is i386 AND Installed architecture is amd64 AND Installed architecture is lpia AND Installed architecture is powerpc AND libpam-krb5 DPKG is earlier than 3.10-1ubuntu0.8.10.1 OR Release section Ubuntu 8.04 is installed AND Supported architectures section Installed architecture is sparc AND Installed architecture is i386 AND Installed architecture is amd64 AND Installed architecture is lpia AND Installed architecture is powerpc AND libpam-krb5 DPKG is earlier than 3.10-1ubuntu0.8.04.1

Definition Id: oval:org.mitre.oval:def:5403

Oval ID:	oval:org.mitre.oval:def:5403
Title:	A Security Vulnerability in the Solaris Kerberos PAM Module May Allow Use of a User Specified Kerberos Configuration File, Leading to Escalation of Privileges
Description:	Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-0361	Version:	1
Platform(s):	Sun Solaris 8 Sun Solaris 9 Sun Solaris 10	Product(s):
Definition Synopsis:
Solaris 8 (SPARC) meets Sun Alert 252767 Solaris 8 (SPARC) is installed AND NOT Patch 112237-16 or later installed AND NOT Patch 112390-14 or later installed OR Solaris 9 (SPARC) meets Sun Alert 252767 Solaris 9 (SPARC) is installed AND NOT Patch 112908-34 or later installed OR Solaris 10 (SPARC) meets Sun Alert 252767 Solaris 10 (SPARC) is installed AND NOT Patch 138371-06 or later installed OR Solaris 8 (x86) meets Sun Alert 252767 Solaris 8 (x86) is installed AND NOT Patch 112238-15 or later installed AND NOT Patch 112240-13 or later installed OR Solaris 9 (x86) meets Sun Alert 252767 Solaris 9 (x86) is installed AND NOT Patch 115168-19 or later installed OR Solaris 10 (x86) meets Sun Alert 252767 Solaris 10 (x86) is installed AND NOT Patch 138372-06 or later installed

Definition Id: oval:org.mitre.oval:def:5521

Oval ID:	oval:org.mitre.oval:def:5521
Title:	HP-UX Running PAM Kerberos, Local Privilege Escalation, Unauthorized Access
Description:	Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-0361	Version:	9
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02415 HP Release B.11.23 AND filesets tests PAM-Kerberos.PAM-KRB-64SLIB version is less than C.01.25 AND PAM-Kerberos.PAM-KRB-DEMO version is less than C.01.25 AND PAM-Kerberos.PAM-KRB-I64LIB version is less than C.01.25 AND PAM-Kerberos.PAM-KRB-IASLIB version is less than C.01.25 AND PAM-Kerberos.PAM-KRB-MAN version is less than C.01.25 AND PAM-Kerberos.PAM-KRB-RUN version is less than C.01.25 AND PAM-Kerberos.PAM-KRB-SHLIB version is less than C.01.25 OR Criteria meets HP Security Bulletin HPSBUX02415 HP Release B.11.11 AND filesets tests KRBS-Support.KRBS-SUPP-MAN version is less than B.11.11.16 AND KRBS-Support.KRBS-SUPP-NOTE version is less than B.11.11.16 AND KRBS-Support.KRBS-SUPP-RUN version is less than B.11.11.16 AND PAM-Kerberos.PAM-KRB-64SLIB version is less than B.11.11.16 AND PAM-Kerberos.PAM-KRB-DEMO version is less than B.11.11.16 AND PAM-Kerberos.PAM-KRB-MAN version is less than B.11.11.16 AND PAM-Kerberos.PAM-KRB-RUN version is less than B.11.11.16 AND PAM-Kerberos.PAM-KRB-SHLIB version is less than B.11.11.16 OR Criteria meets HP Security Bulletin HPSBUX02415 HP-UX B.11.31 AND filesets tests PAM-Kerberos.PAM-KRB-64SLIB version is less than D.01.25 AND PAM-Kerberos.PAM-KRB-DEMO version is less than D.01.25 AND PAM-Kerberos.PAM-KRB-I64LIB version is less than D.01.25 AND PAM-Kerberos.PAM-KRB-IASLIB version is less than D.01.25 AND PAM-Kerberos.PAM-KRB-MAN version is less than D.01.25 AND PAM-Kerberos.PAM-KRB-RUN version is less than D.01.25 AND PAM-Kerberos.PAM-KRB-SHLIB version is less than D.01.25

Definition Id: oval:org.mitre.oval:def:8149

Oval ID:	oval:org.mitre.oval:def:8149
Title:	DSA-1721 libpam-krb5 -- several vulnerabilities
Description:	Several local vulnerabilities have been discovered in the PAM module for MIT Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems: Russ Allbery discovered that the Kerberos PAM module parsed configuration settings from enviromnent variables when run from a setuid context. This could lead to local privilege escalation if an attacker points a setuid program using PAM authentication to a Kerberos setup under her control. Derek Chan discovered that the Kerberos PAM module allows reinitialisation of user credentials when run from a setuid context, resulting in potential local denial of service by overwriting the credential cache file or to privilege escalation.
Family:	unix	Class:	patch
Reference(s):	DSA-1721 CVE-2009-0360 CVE-2009-0361	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	libpam-krb5
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND libpam-krb5 is earlier than 2.6-1etch1

Definition Id: oval:org.mitre.oval:def:8163

Oval ID:	oval:org.mitre.oval:def:8163
Title:	DSA-1722 libpam-heimdal -- programming error
Description:	Derek Chan discovered that the PAM module for the Heimdal Kerberos implementation allows reinitialisation of user credentials when run from a setuid context, resulting in potential local denial of service by overwriting the credential cache file or to local privilege escalation.
Family:	unix	Class:	patch
Reference(s):	DSA-1722 CVE-2009-0361	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	libpam-heimdal
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is ia64 AND Installed architecture is mips AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND libpam-heimdal is earlier than 2.5-1etch1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Eyrie Pam-krb5 cpe:2.3:a:eyrie:pam-krb5:3.9:::::::* cpe:2.3:a:eyrie:pam-krb5:3.8:::::::* cpe:2.3:a:eyrie:pam-krb5:3.7:::::::* cpe:2.3:a:eyrie:pam-krb5:3.6:::::::* cpe:2.3:a:eyrie:pam-krb5:3.5:::::::* cpe:2.3:a:eyrie:pam-krb5:3.4:::::::* cpe:2.3:a:eyrie:pam-krb5:3.3:::::::* cpe:2.3:a:eyrie:pam-krb5:3.2:::::::* cpe:2.3:a:eyrie:pam-krb5:3.11:::::::* cpe:2.3:a:eyrie:pam-krb5:3.10:::::::* cpe:2.3:a:eyrie:pam-krb5:3.1:::::::* cpe:2.3:a:eyrie:pam-krb5:3.0:::::::* cpe:2.3:a:eyrie:pam-krb5:2.6:::::::* cpe:2.3:a:eyrie:pam-krb5:2.5:::::::* cpe:2.3:a:eyrie:pam-krb5:2.4:::::::* cpe:2.3:a:eyrie:pam-krb5:2.3.4:::::::* cpe:2.3:a:eyrie:pam-krb5:2.3:::::::* cpe:2.3:a:eyrie:pam-krb5:2.2.14:::::::* cpe:2.3:a:eyrie:pam-krb5:2.2:::::::* cpe:2.3:a:eyrie:pam-krb5:2.1:::::::* cpe:2.3:a:eyrie:pam-krb5:2.0:::::::*	21

OpenVAS Exploits

Date	Description
2009-06-05	Name : Ubuntu USN-719-1 (libpam-krb5) File : nvt/ubuntu_719_1.nasl
2009-05-05	Name : HP-UX Update for PAM Kerberos HPSBUX02415 File : nvt/gb_hp_ux_HPSBUX02415.nasl
2009-03-31	Name : Gentoo Security Advisory GLSA 200903-39 (pam_krb5) File : nvt/glsa_200903_39.nasl
2009-02-13	Name : Debian Security Advisory DSA 1721-1 (libpam-krb5) File : nvt/deb_1721_1.nasl
2009-02-13	Name : Debian Security Advisory DSA 1722-1 (libpam-heimdal) File : nvt/deb_1722_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
54344	Russ Allbery pam-krb5 pam_setcred KRB5CCNAME Environment Variable Arbitrary F...

Nessus® Vulnerability Scanner

Date	Description
2014-12-15	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-08.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-719-1.nasl - Type : ACT_GATHER_INFO
2009-03-27	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200903-39.nasl - Type : ACT_GATHER_INFO
2009-02-13	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1721.nasl - Type : ACT_GATHER_INFO
2009-02-13	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1722.nasl - Type : ACT_GATHER_INFO
2004-07-12	Name : The remote host is missing Sun Security Patch number 112908-38 File : solaris9_112908.nasl - Type : ACT_GATHER_INFO
2004-07-12	Name : The remote host is missing Sun Security Patch number 115168-24 File : solaris9_x86_115168.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://secunia.com/advisories/33914
http://secunia.com/advisories/33917
http://secunia.com/advisories/33918
http://secunia.com/advisories/34260
http://secunia.com/advisories/34449
http://security.gentoo.org/glsa/glsa-200903-39.xml
http://securitytracker.com/id?1021711
http://sunsolve.sun.com/search/document.do?assetkey=1-66-252767-1
http://support.avaya.com/elmodocs2/security/ASA-2009-070.htm
http://www.debian.org/security/2009/dsa-1721
http://www.debian.org/security/2009/dsa-1722
http://www.eyrie.org/~eagle/software/pam-krb5/security/2009-02-11.html
http://www.securityfocus.com/archive/1/500892/100/0/threaded
http://www.securityfocus.com/bid/33741
http://www.ubuntu.com/usn/USN-719-1
http://www.vupen.com/english/advisories/2009/0410
http://www.vupen.com/english/advisories/2009/0426
http://www.vupen.com/english/advisories/2009/0979
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 23:12:13	Multiple Updates
2024-11-28 12:18:12	Multiple Updates
2021-05-04 12:09:05	Multiple Updates
2021-04-22 01:09:26	Multiple Updates
2020-05-23 01:39:59	Multiple Updates
2020-05-23 00:23:18	Multiple Updates
2018-10-12 00:20:36	Multiple Updates
2017-09-29 09:24:03	Multiple Updates
2016-04-26 18:35:55	Multiple Updates
2014-12-16 13:24:30	Multiple Updates
2014-02-17 10:48:38	Multiple Updates
2013-05-10 23:43:18	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	7
CPE ID(s)	21
Sources(s)	20
osvdb(s)	1
Openvas Exploit(s)	5
Nessus® Exploit(s)	7

	Related
10	GLSA-201412-08
6.2	USN-719-1
6.2	SUN-252767
6.2	HPSBUX02415 SSR...
6.2	GLSA-200903-39
6.2	DSA-1721
4.6	DSA-1722
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 7 more Alert(s)

4.6 - CVE-2009-0361

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU