Definition Id: oval:org.mitre.oval:def:8149
Oval ID: oval:org.mitre.oval:def:8149
Title: DSA-1721 libpam-krb5 -- several vulnerabilities
Description: Several local vulnerabilities have been discovered in the PAM module for MIT Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems: Russ Allbery discovered that the Kerberos PAM module parsed configuration settings from enviromnent variables when run from a setuid context. This could lead to local privilege escalation if an attacker points a setuid program using PAM authentication to a Kerberos setup under her control. Derek Chan discovered that the Kerberos PAM module allows reinitialisation of user credentials when run from a setuid context, resulting in potential local denial of service by overwriting the credential cache file or to privilege escalation.
Family: unix Class: patch
Reference(s): DSA-1721
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): libpam-krb5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6461
Oval ID: oval:org.mitre.oval:def:6461
Title: Debian GNU/Linux 4.0 is installed.
Description: Debian GNU/Linux 4.0 (etch) is installed
Family: unix Class: inventory
Reference(s): cpe:/o:debian:debian_gnu/linux:4.0
Version: 9
Platform(s): Debian GNU/Linux 4.0
Definition Synopsis:
Referenced By: