|
|
[ Message Precedent sur la mailing][ Message Suivant sur la mailing][ Precedent dans le fil][ Prochain dans le fil][ Index par Date][ Index par fil]
[SA33914] pam-krb5 File Overwrite and Privilege Escalation
Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?
Click here to learn more:
link://[click]
TITLE:
pam-krb5 File Overwrite and Privilege Escalation
SECUNIA ADVISORY ID:
SA33914
VERIFY ADVISORY:
link://[click]
CRITICAL:
Less critical
IMPACT:
Manipulation of data, Privilege escalation
WHERE:
Local system
SOFTWARE:
pam-krb5 3.x
link://[click]
DESCRIPTION:
Some vulnerabilities have been reported in pam-krb5, which can be
exploited by malicious, local users to overwrite files and to gain
escalated privileges.
1) An error exists due to pam-krb5 not using the correct API for
initialising the Kerberos libraries in a setuid context. This can be
exploited to bypass authentication checks in setuid applications that
use PAM for authentication by specifying the Kerberos configuration
via environment variables.
2) An error exists in "pam_setcred" when being invoked with
"PAM_REINITIALIZE_CREDS" or "PAM_REFRESH_CREDS" by a setuid
application without first calling "PAM_ESTABLISH_CREDS" or dropping
privileges (e.g. "su" in Solaris 10). This can be exploited to
overwrite and chown a file specified via the "KRB5CCNAME" environment
variable.
The vulnerabilities are reported in versions prior to 3.13.
SOLUTION:
Update to version 3.13.
PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
2) The vendor credits Derek Chan.
ORIGINAL ADVISORY:
link://[click]
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
link://[click]
Definitions: (Criticality, Where etc.)
link://[click]
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Archives de la liste de diffusion Secunia
Archives de la liste de diffusion Full Disclosure
| Mini-Tagwall des articles publiés sur SecuObs : | | | | sécurité, exploit, windows, attaque, outil, microsoft, réseau, audit, metasploit, vulnérabilité, système, virus, internet, usbsploit, données, source, linux, protocol, présentation, scanne, réseaux, scanner, bluetooth, conférence, reverse, shell, meterpreter, vista, rootkit, détection, mobile, security, malicieux, engineering, téléphone, paquet, trames, https, noyau, utilisant, intel, wishmaster, google, sysun, libre |
| Mini-Tagwall de l'annuaire video : | | | | curit, security, biomet, metasploit, biometric, cking, password, windows, botnet, defcon, tutorial, crypt, xploit, exploit, lockpicking, linux, attack, wireshark, vmware, rootkit, conference, network, shmoocon, backtrack, virus, conficker, elcom, etter, elcomsoft, server, meterpreter, openvpn, ettercap, openbs, iphone, shell, openbsd, iptables, securitytube, deepsec, source, office, systm, openssh, radio |
| Mini-Tagwall des articles de la revue de presse : | | | | security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone, server, inject, patch, apple, twitter, mobile, virus, ebook, facebook, vulnérabilité, crypt, source, linux, password, intel, research, virtual, phish, access, tutorial, trojan, social, privacy, firefox, adobe, overflow, office, cisco, conficker, botnet, pirate, sécurité |
| Mini-Tagwall des Tweets de la revue Twitter : | | | | security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall, network, twitter, vmware, windows, microsoft, compliance, vulnerability, python, engineering, source, kernel, crypt, social, overflow, nessus, crack, hacker, virus, iphone, patch, virtual, javascript, malware, conficker, pentest, research, email, password, adobe, apache, proxy, backtrack |
|
|
|
|
|
