pam_krb5: Privilege escalation

pam_krb5: Privilege escalation Two vulnerabilities in pam_krb5 might allow local users to elevate their privileges or overwrite arbitrary files. pam_krb5 2009-03-25 2009-03-25: 01 257075 local 3.12 3.12

pam_krb5 is a a Kerberos v5 PAM module.

The following vulnerabilities were discovered:

pam_krb5 does not properly initialize the Kerberos libraries for setuid use (CVE-2009-0360).
Derek Chan reported that calls to pam_setcred() are not properly handled when running setuid (CVE-2009-0361).

A local attacker could set an environment variable to point to a specially crafted Kerberos configuration file and launch a PAM-based setuid application to elevate privileges, or change ownership and overwrite arbitrary files.

There is no known workaround at this time.

All pam_krb5 users should upgrade to the latest version:


    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-auth/pam_krb5-3.12"

CVE-2009-0360 CVE-2009-0361 keytoaster p-y p-y