CVE-2009-0360 (retired)

Priority
Description
Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does
not properly initialize the Kerberos libraries for setuid use, which allows
local users to gain privileges by pointing an environment variable to a
modified Kerberos configuration file, and then launching a PAM-based setuid
application.
Assigned-to
mdeslaur
Package
Upstream:released (3.11-4)
More Information

Updated: 2019-03-26 11:47:01 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)