CVE-2009-0361

Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations.

Affected Software

Name	Vendor	Start Version	End Version
Pam-krb5	Eyrie	*	3.12 (including)
Pam-krb5	Eyrie	3.0 (including)	3.0 (including)
Pam-krb5	Eyrie	3.1 (including)	3.1 (including)
Pam-krb5	Eyrie	3.2 (including)	3.2 (including)
Pam-krb5	Eyrie	3.3 (including)	3.3 (including)
Pam-krb5	Eyrie	3.4 (including)	3.4 (including)
Pam-krb5	Eyrie	3.5 (including)	3.5 (including)
Pam-krb5	Eyrie	3.6 (including)	3.6 (including)
Pam-krb5	Eyrie	3.7 (including)	3.7 (including)
Pam-krb5	Eyrie	3.8 (including)	3.8 (including)
Pam-krb5	Eyrie	3.9 (including)	3.9 (including)
Pam-krb5	Eyrie	3.10 (including)	3.10 (including)
Pam-krb5	Eyrie	3.11 (including)	3.11 (including)
Libpam-heimdal	Ubuntu	dapper	*
Libpam-heimdal	Ubuntu	gutsy	*
Libpam-heimdal	Ubuntu	hardy	*
Libpam-heimdal	Ubuntu	intrepid	*
Libpam-heimdal	Ubuntu	upstream	*
Libpam-krb5	Ubuntu	dapper	*
Libpam-krb5	Ubuntu	devel	*
Libpam-krb5	Ubuntu	gutsy	*
Libpam-krb5	Ubuntu	hardy	*
Libpam-krb5	Ubuntu	intrepid	*
Libpam-krb5	Ubuntu	jaunty	*
Libpam-krb5	Ubuntu	karmic	*
Libpam-krb5	Ubuntu	lucid	*
Libpam-krb5	Ubuntu	maverick	*
Libpam-krb5	Ubuntu	natty	*
Libpam-krb5	Ubuntu	oneiric	*
Libpam-krb5	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-0361
CWE	https://cwe.mitre.org/data/definitions/264.html

Affected Software

References