Описание
Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | released | 3.11-4ubuntu1 |
| gutsy | ignored | end of life, was needed |
| hardy | released | 3.10-1ubuntu0.8.04.1 |
| intrepid | released | 3.10-1ubuntu0.8.10.1 |
| jaunty | released | 3.11-4ubuntu1 |
| karmic | released | 3.11-4ubuntu1 |
| upstream | released | 3.11-4 |
Показывать по
EPSS
6.2 Medium
CVSS2
Связанные уязвимости
Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application.
Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, d ...
Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application.
Уязвимости операционной системы Debian GNU/Linux, позволяющие локальному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
EPSS
6.2 Medium
CVSS2