VDB
CVE-2009-0361
CVE-2009-0361
PUBLISHED
CVSS 4.599999904632568 MEDIUM
Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations.
EPSS 0.07% · 21.6th percentile
Risk Scores
CVSS 2.0
4.599999904632568
EPSS Score
0.07%
21.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| eyrie | pam-krb5 | 0, 3.0, 3.1 |
Timeline
- Feb 13, 2009 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- http://secunia.com/advisories/33918 advisory
- http://secunia.com/advisories/34260 technical
- oval:org.mitre.oval:def:5521 vdb
- 252767 vendor-advisory
- 33914 third-party-advisory
- USN-719-1 vendor-advisory
- DSA-1722 vendor-advisory
- ADV-2009-0426 vdb
- 1021711 vdb
- ADV-2009-0410 vdb
- oval:org.mitre.oval:def:5403 vdb
- http://support.avaya.com/elmodocs2/security/ASA-2009-070.htm url
- 34449 third-party-advisory
- 33917 third-party-advisory
- DSA-1721 vendor-advisory
- 20090211 pam-krb5 security advisory (3.12 and earlier) mailing-list
- http://www.eyrie.org/~eagle/software/pam-krb5/security/2009-02-11.html url
- GLSA-200903-39 vendor-advisory
- 33741 vdb
- ADV-2009-0979 vdb
…and 1 more