oval:org.mitre.oval:def:8149
Definition Id: oval:org.mitre.oval:def:8149 | |||
Oval ID: | oval:org.mitre.oval:def:8149 | ||
Title: | DSA-1721 libpam-krb5 -- several vulnerabilities | ||
Description: | Several local vulnerabilities have been discovered in the PAM module for MIT Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems: Russ Allbery discovered that the Kerberos PAM module parsed configuration settings from environment variables when run from a setuid context. This could lead to local privilege escalation if an attacker points a setuid program using PAM authentication to a Kerberos setup under her control. Derek Chan discovered that the Kerberos PAM module allows reinitialisation of user credentials when run from a setuid context, resulting in potential local denial of service by overwriting the credential cache file, or in privilege escalation. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1721 CVE-2009-0360 CVE-2009-0361 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | libpam-krb5 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6461 | |||
Oval ID: | oval:org.mitre.oval:def:6461 | ||
Title: | Debian GNU/Linux 4.0 is installed. | ||
Description: | Debian GNU/Linux 4.0 (etch) is installed | ||
Family: | unix | Class: | inventory |
Reference(s): | cpe:/o:debian:debian_gnu/linux:4.0 | Version: | 9 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | |
Definition Synopsis: | |||
Referenced By: | |||
oval:org.mitre.oval:def:8149 |