CVSS: 9.8 | EPSS: 4% | CPEs: 4 | EXPL: 0

pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underlying Kerberos library by a single '\0' byte if an attacker responds to a prompt with an answer of a carefully chosen length. The effect may range from heap corruption to stack corruption depending on the structure of the underlying Kerberos library, with unknown effects but possibly including code execution. This code path is not used for normal authentication, but only when the Kerberos library does supplemental prompting, such as with PKINIT or when using the non-standard no_prompt PAM configuration option.

• http://www.openwall.com/lists/oss-security/2020/03/31/1
• https://github.com/rra/pam-krb5/commit/e7879e27a37119fad4faf133a9f70bdcdc75d760
• https://lists.debian.org/debian-lts-announce/2020/04/msg00000.html
• https://usn.ubuntu.com/4314-1
• https://www.debian.org/security/2020/dsa-4648
• https://www.eyrie.org/~eagle/software/pam-krb5/security/2020-03-30.html

• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 5.0 | EPSS: 0% | CPEs: 7 | EXPL: 0

pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

• http://osvdb.org/54791
• http://secunia.com/advisories/35230
• http://secunia.com/advisories/43314
• http://www.mandriva.com/security/advisories?name=MDVSA-2010:054
• http://www.openwall.com/lists/oss-security/2009/05/27/1
• http://www.securityfocus.com/archive/1/516397/100/0/threaded
• http://www.securityfocus.com/bid/35112
• http://www.vmware.com/security/advisories/VMSA-2011-0003.html
• http://www.vupen.com/english/advisories/2009/1448
• https://bugzilla.redhat.com/show_bug.cgi?

• CWE-287: Improper Authentication

CVSS: 6.2 | EPSS: 0% | CPEs: 20 | EXPL: 1

Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application.

• https://www.exploit-db.com/exploits/8303
• http://secunia.com/advisories/33914
• http://secunia.com/advisories/33917
• http://secunia.com/advisories/34260
• http://secunia.com/advisories/34449
• http://security.gentoo.org/glsa/glsa-200903-39.xml
• http://securitytracker.com/id?1021711
• http://sunsolve.sun.com/search/document.do?assetkey=1-66-252767-1
• http://support.avaya.com/elmodocs2/security/ASA-2009-070.htm
• http://www.debian.org/security/2009/dsa-1721
• http://www.eyrie.org/&

• CWE-287: Improper Authentication

CVSS: 4.6 | EPSS: 0% | CPEs: 13 | EXPL: 0

Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations.

• http://secunia.com/advisories/33914
• http://secunia.com/advisories/33917
• http://secunia.com/advisories/33918
• http://secunia.com/advisories/34260
• http://secunia.com/advisories/34449
• http://security.gentoo.org/glsa/glsa-200903-39.xml
• http://securitytracker.com/id?1021711
• http://sunsolve.sun.com/search/document.do?assetkey=1-66-252767-1
• http://support.avaya.com/elmodocs2/security/ASA-2009-070.htm
• http://www.debian.org/security/2009/dsa-1721
• http://www.debian.org/security/

• CWE-264: Permissions, Privileges, and Access Controls