Summary
The remote host is missing an update to libpam-krb5 announced via advisory USN-719-1.
Solution
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 8.04 LTS:
libpam-krb5 3.10-1ubuntu0.8.04.1
Ubuntu 8.10:
libpam-krb5 3.10-1ubuntu0.8.10.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
https://secure1.securityspace.com/smysecure/catid.html?in=USN-719-1
Insight
It was discovered that pam_krb5 parsed environment variables when run with setuid applications. A local attacker could exploit this flaw to bypass authentication checks and gain root privileges. (CVE-2009-0360)
Derek Chan discovered that pam_krb5 incorrectly handled refreshing existing credentials when used with setuid applications. A local attacker could exploit this to create or overwrite arbitrary files, and possibly gain root privileges. (CVE-2009-0361)
Severity
Classification
-
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C