oval:org.mitre.oval:def:8149
| Definition Id: oval:org.mitre.oval:def:8149 | |||
| Oval ID: | oval:org.mitre.oval:def:8149 | ||
| Title: | DSA-1721 libpam-krb5 -- several vulnerabilities | ||
| Description: | Several local vulnerabilities have been discovered in the PAM module for MIT Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems: Russ Allbery discovered that the Kerberos PAM module parsed configuration settings from enviromnent variables when run from a setuid context. This could lead to local privilege escalation if an attacker points a setuid program using PAM authentication to a Kerberos setup under her control. Derek Chan discovered that the Kerberos PAM module allows reinitialisation of user credentials when run from a setuid context, resulting in potential local denial of service by overwriting the credential cache file or to privilege escalation. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1721 CVE-2009-0360 CVE-2009-0361 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | libpam-krb5 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6461 | |||
| Oval ID: | oval:org.mitre.oval:def:6461 | ||
| Title: | Debian GNU/Linux 4.0 is installed. | ||
| Description: | Debian GNU/Linux 4.0 (etch) is installed | ||
| Family: | unix | Class: | inventory |
| Reference(s): | cpe:/o:debian:debian_gnu/linux:4.0 | Version: | 9 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Referenced By: | |||
| oval:org.mitre.oval:def:8149 | |||
