CVE-2009-0361 (retired)

Priority
Description
Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris
10, and other software, does not properly handle calls to pam_setcred when
running setuid, which allows local users to overwrite and change the
ownership of arbitrary files by setting the KRB5CCNAME environment
variable, and then launching a setuid application that performs certain
pam_setcred operations.
Assigned-to
mdeslaur
Package
Upstream:released (3.10-2.1)
Package
Upstream:released (3.11-4)
Updated: 2019-03-26 11:47:02 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)