pam_krb5: Privilege escalation — GLSA 200903-39

Two vulnerabilities in pam_krb5 might allow local users to elevate their privileges or overwrite arbitrary files.

Affected packages

Package	sys-auth/pam_krb5 on all architectures
Affected versions	< 3.12
Unaffected versions	>= 3.12

Background

pam_krb5 is a a Kerberos v5 PAM module.

Description

The following vulnerabilities were discovered:

pam_krb5 does not properly initialize the Kerberos libraries for setuid use (CVE-2009-0360).
Derek Chan reported that calls to pam_setcred() are not properly handled when running setuid (CVE-2009-0361).

Impact

A local attacker could set an environment variable to point to a specially crafted Kerberos configuration file and launch a PAM-based setuid application to elevate privileges, or change ownership and overwrite arbitrary files.

Workaround

There is no known workaround at this time.

Resolution

All pam_krb5 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-auth/pam_krb5-3.12"

References

Release date
March 25, 2009

Latest revision
March 25, 2009: 01

Severity
high

Exploitable
local

Bugzilla entries

257075