Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2009-0360

Date: February 13, 2009

Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application.

Severity Score

Related Resources (21)

http://security.gentoo.org/glsa/glsa-200903-39.xml
http://www.ubuntu.com/usn/USN-719-1
https://nvd.nist.gov/vuln/detail/CVE-2009-0360
http://secunia.com/advisories/34449
http://www.debian.org/security/2009/dsa-1721
http://www.vupen.com/english/advisories/2009/0410
http://www.securityfocus.com/archive/1/500892/100/0/threaded
http://sunsolve.sun.com/search/document.do?assetkey=1-66-252767-1
https://people.canonical.com/~ubuntu-security/cve/CVE-2009-0360
http://support.avaya.com/elmodocs2/security/ASA-2009-070.htm
http://secunia.com/advisories/34260
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5732
http://www.securityfocus.com/bid/33740
http://secunia.com/advisories/33914
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5669
http://www.vupen.com/english/advisories/2009/0426
http://secunia.com/advisories/33917
http://securitytracker.com/id?1021711
http://www.eyrie.org/~eagle/software/pam-krb5/security/2009-02-11.html
http://www.vupen.com/english/advisories/2009/0979
https://www.mend.io/vulnerability-database/CVE-2009-0360

Severity Score

Weakness Type (CWE)

Authentication Issues

CWE-287

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): HIGH
Authentication (AU): NONE
Confidentiality (C): COMPLETE
Integrity (I): COMPLETE
Availability (A): COMPLETE
Additional information:

Do you need more information?

Contact Us