pam_krb5: Privilege escalation — GLSA 200903-39

Two vulnerabilities in pam_krb5 might allow local users to elevate their privileges or overwrite arbitrary files.

Affected Packages

sys-auth/pam_krb5 on all architectures
Affected versions < 3.12
Unaffected versions >= 3.12

Background

pam_krb5 is a Kerberos v5 PAM module.

Description

The following vulnerabilities were discovered:

  • pam_krb5 does not properly initialize the Kerberos libraries for setuid use (CVE-2009-0360).
  • Derek Chan reported that calls to pam_setcred() are not properly handled when running setuid (CVE-2009-0361).

Impact

A local attacker could set an environment variable to point to a specially crafted Kerberos configuration file and launch a PAM-based setuid application to elevate privileges, or change ownership and overwrite arbitrary files.
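
The defensive pattern behind the first issue, as an added example that is not pam_krb5's own code: a library loaded into a setuid program must not let the invoking user's environment choose its configuration file. The variable name KRB5_CONFIG and the default path /etc/krb5.conf are assumptions used for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed names for illustration; neither appears in the advisory. */
#define CONFIG_ENV    "KRB5_CONFIG"
#define SYSTEM_CONFIG "/etc/krb5.conf"

/* True when real and effective IDs differ, i.e. the process holds
 * privileges that the invoking user does not. */
int ids_indicate_setuid(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Pick the configuration file to load. A privileged process ignores the
 * environment entirely, so a user-supplied path never reaches the parser.
 * MIT Kerberos offers krb5_init_secure_context() for callers in this
 * situation; this function only models the decision it has to make. */
const char *select_config(int privileged, const char *env_value)
{
    if (privileged || env_value == NULL || env_value[0] == '\0')
        return SYSTEM_CONFIG;
    return env_value;
}

int main(void)
{
    int privileged = ids_indicate_setuid(getuid(), geteuid(),
                                         getgid(), getegid());
    const char *path = select_config(privileged, getenv(CONFIG_ENV));

    printf("privileged=%d config=%s\n", privileged, path);
    return 0;
}
```
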

Workaround

There is no known workaround at this time.

Resolution

All pam_krb5 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-auth/pam_krb5-3.12"

Release Date
March 25, 2009

Latest Revision
March 25, 2009: 01

Severity
high

Exploitable
local