CVE-2018-0493
https://notcve.org/view.php?id=CVE-2018-0493
remctld in remctl before 3.14, when an attacker is authorized to execute a command that uses the sudo option, has a use-after-free that leads to a daemon crash, memory corruption, or arbitrary command execution. remctld en remctl, en versiones anteriores a la 3.14, cuando un atacante está autorizado para ejecutar un comando que emplea la opción sudo, tiene un uso de memoria previamente liberada que conduce a un cierre inesperado del demonio, corrupción de memoria o ejecución de comandos arbitrarios. • https://git.eyrie.org/?p=kerberos/remctl.git%3Ba=commit%3Bh=86c7e44090c988112a37589d2c7a94029eb5e641 https://www.debian.org/security/2018/dsa-4159 https://www.eyrie.org/~eagle/software/remctl/security/2018-04-01.html • CWE-416: Use After Free •
CVE-2009-1384 – pam_krb5: Password prompt varies for existent and non-existent users
https://notcve.org/view.php?id=CVE-2009-1384
pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. pam_krb5 v2.2.14 a v2.3.4, tal como se usa Red Hat Enterprise Linux (RHEL) 5, genera diferentes peticiones de contraseña dependiendo de si existe la cuenta de usuario, lo que permite a atacantes remotos enumerar los nombres de usuario válidos. • http://osvdb.org/54791 http://secunia.com/advisories/35230 http://secunia.com/advisories/43314 http://www.mandriva.com/security/advisories?name=MDVSA-2010:054 http://www.openwall.com/lists/oss-security/2009/05/27/1 http://www.securityfocus.com/archive/1/516397/100/0/threaded http://www.securityfocus.com/bid/35112 http://www.vmware.com/security/advisories/VMSA-2011-0003.html http://www.vupen.com/english/advisories/2009/1448 https://bugzilla.redhat.com/show_bug.cgi? • CWE-287: Improper Authentication •
CVE-2009-0360 – pam-krb5 < 3.13 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-0360
Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application. Russ Allbery pam-krb5 versiones anteriores a v3.13, cuando es enlazado a través de MIT Kerberos, no inicializa correctamente las librerías Kerberos al usarlas en la fijación de propietario, permitiendo a usuarios locales obtener privilegios al apuntar una variable de entorno a un fichero de configuración de Kerberos modificado, y después llamando a una aplicación de fijación de propietario basada en PAM. • https://www.exploit-db.com/exploits/8303 http://secunia.com/advisories/33914 http://secunia.com/advisories/33917 http://secunia.com/advisories/34260 http://secunia.com/advisories/34449 http://security.gentoo.org/glsa/glsa-200903-39.xml http://securitytracker.com/id?1021711 http://sunsolve.sun.com/search/document.do?assetkey=1-66-252767-1 http://support.avaya.com/elmodocs2/security/ASA-2009-070.htm http://www.debian.org/security/2009/dsa-1721 http://www.eyrie.org/& • CWE-287: Improper Authentication •
CVE-2009-0361
https://notcve.org/view.php?id=CVE-2009-0361
Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations. Russ Allbery pam-krb5 versiones anteriores a v3.13, como el usado por libpam-heimdal, el comando "su" en Solaris 10, y otros programas, no gestiona correctamente las peticiones a "pam_setcred" al ejecutar "setuid", permitiendo a usuarios locales sobreescribir y cambiar los propietarios de los ficheros que elijan al asignarle un valor a la variable de entorno "KRB5CCNAME", y después invocar la aplicación setuid que efectúa ciertas operaciones "pam_setcred". • http://secunia.com/advisories/33914 http://secunia.com/advisories/33917 http://secunia.com/advisories/33918 http://secunia.com/advisories/34260 http://secunia.com/advisories/34449 http://security.gentoo.org/glsa/glsa-200903-39.xml http://securitytracker.com/id?1021711 http://sunsolve.sun.com/search/document.do?assetkey=1-66-252767-1 http://support.avaya.com/elmodocs2/security/ASA-2009-070.htm http://www.debian.org/security/2009/dsa-1721 http://www.debian.org/security/ • CWE-264: Permissions, Privileges, and Access Controls •