oval:org.mitre.oval:def:5521

Definition Id: oval:org.mitre.oval:def:5521

Oval ID:	oval:org.mitre.oval:def:5521
Title:	HP-UX Running PAM Kerberos, Local Privilege Escalation, Unauthorized Access
Description:	Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-0361	Version:	9
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02415 HP Release B.11.23 AND filesets tests PAM-Kerberos.PAM-KRB-64SLIB version is less than C.01.25 AND PAM-Kerberos.PAM-KRB-DEMO version is less than C.01.25 AND PAM-Kerberos.PAM-KRB-I64LIB version is less than C.01.25 AND PAM-Kerberos.PAM-KRB-IASLIB version is less than C.01.25 AND PAM-Kerberos.PAM-KRB-MAN version is less than C.01.25 AND PAM-Kerberos.PAM-KRB-RUN version is less than C.01.25 AND PAM-Kerberos.PAM-KRB-SHLIB version is less than C.01.25 OR Criteria meets HP Security Bulletin HPSBUX02415 HP Release B.11.11 AND filesets tests KRBS-Support.KRBS-SUPP-MAN version is less than B.11.11.16 AND KRBS-Support.KRBS-SUPP-NOTE version is less than B.11.11.16 AND KRBS-Support.KRBS-SUPP-RUN version is less than B.11.11.16 AND PAM-Kerberos.PAM-KRB-64SLIB version is less than B.11.11.16 AND PAM-Kerberos.PAM-KRB-DEMO version is less than B.11.11.16 AND PAM-Kerberos.PAM-KRB-MAN version is less than B.11.11.16 AND PAM-Kerberos.PAM-KRB-RUN version is less than B.11.11.16 AND PAM-Kerberos.PAM-KRB-SHLIB version is less than B.11.11.16 OR Criteria meets HP Security Bulletin HPSBUX02415 HP-UX B.11.31 AND filesets tests PAM-Kerberos.PAM-KRB-64SLIB version is less than D.01.25 AND PAM-Kerberos.PAM-KRB-DEMO version is less than D.01.25 AND PAM-Kerberos.PAM-KRB-I64LIB version is less than D.01.25 AND PAM-Kerberos.PAM-KRB-IASLIB version is less than D.01.25 AND PAM-Kerberos.PAM-KRB-MAN version is less than D.01.25 AND PAM-Kerberos.PAM-KRB-RUN version is less than D.01.25 AND PAM-Kerberos.PAM-KRB-SHLIB version is less than D.01.25

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0293s

Facebook rss twitter linkedin mail