 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.63395 |
| Category: | Debian Local Security Checks |
| Title: | Debian: Security Advisory (DSA-1721-1) |
| Summary: | The remote host is missing an update for the Debian 'libpam-krb5' package(s) announced via the DSA-1721-1 advisory. |
| Description: | Summary: The remote host is missing an update for the Debian 'libpam-krb5' package(s) announced via the DSA-1721-1 advisory. Vulnerability Insight: Several local vulnerabilities have been discovered in the PAM module for MIT Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0360 Russ Allbery discovered that the Kerberos PAM module parsed configuration settings from environment variables when run from a setuid context. This could lead to local privilege escalation if an attacker points a setuid program using PAM authentication to a Kerberos setup under her control. CVE-2009-0361 Derek Chan discovered that the Kerberos PAM module allows reinitialisation of user credentials when run from a setuid context, resulting in potential local denial of service by overwriting the credential cache file or to privilege escalation. For the stable distribution (etch), these problems have been fixed in version 2.6-1etch1. For the upcoming stable distribution (lenny), these problems have been fixed in version 3.11-4. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your libpam-krb5 package. Affected Software/OS: 'libpam-krb5' package(s) on Debian 4. Solution: Please install the updated package(s). CVSS Score: 6.2 CVSS Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-0360 BugTraq ID: 33740 http://www.securityfocus.com/bid/33740 Bugtraq: 20090211 pam-krb5 security advisory (3.12 and earlier) (Google Search) http://www.securityfocus.com/archive/1/500892/100/0/threaded Debian Security Information: DSA-1721 (Google Search) http://www.debian.org/security/2009/dsa-1721 http://security.gentoo.org/glsa/glsa-200903-39.xml http://www.eyrie.org/~eagle/software/pam-krb5/security/2009-02-11.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5669 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5732 http://securitytracker.com/id?1021711 http://secunia.com/advisories/33914 http://secunia.com/advisories/33917 http://secunia.com/advisories/34260 http://secunia.com/advisories/34449 http://sunsolve.sun.com/search/document.do?assetkey=1-66-252767-1 http://www.ubuntu.com/usn/USN-719-1 http://www.vupen.com/english/advisories/2009/0410 http://www.vupen.com/english/advisories/2009/0426 http://www.vupen.com/english/advisories/2009/0979 Common Vulnerability Exposure (CVE) ID: CVE-2009-0361 BugTraq ID: 33741 http://www.securityfocus.com/bid/33741 Debian Security Information: DSA-1722 (Google Search) http://www.debian.org/security/2009/dsa-1722 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5403 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5521 http://secunia.com/advisories/33918 |
| Copyright | Copyright (C) 2009 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |