pam-krb5 'KRB5CCNAME' Environment Variable Local Privilege Escalation Vulnerability

The 'pam-krb5' library is prone to a local privilege-escalation vulnerability because it fails to properly handle setuid processes.

A local attacker may exploit this to corrupt the credential cache. This may allow the attacker to gain elevated privileges or to create a denial-of-service condition.

Versions prior to pam-krb5 3.13 are vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus