CVE-2008-3825

critical

Description

pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when the existing_ticket option is enabled, uses incorrect privileges when reading a Kerberos credential cache, which allows local users to gain privileges by setting the KRB5CCNAME environment variable to an arbitrary cache filename and running the (1) su or (2) sudo program. NOTE: there may be a related vector involving sshd that has limited relevance.

References

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00166.html

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00150.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10923

https://exchange.xforce.ibmcloud.com/vulnerabilities/45635

https://bugzilla.redhat.com/show_bug.cgi?id=461960

http://www.vmware.com/security/advisories/VMSA-2011-0003.html

http://www.securitytracker.com/id?1020978

http://www.securityfocus.com/bid/31534

http://www.securityfocus.com/archive/1/516397/100/0/threaded

http://www.redhat.com/support/errata/RHSA-2008-0907.html

http://www.mandriva.com/security/advisories?name=MDVSA-2008:209

http://secunia.com/advisories/43314

http://secunia.com/advisories/32174

http://secunia.com/advisories/32135

http://secunia.com/advisories/32119

http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html

Details

Source: Mitre, NVD

Published: 2008-10-03

Updated: 2018-10-11

Risk Information

CVSS v2

Base Score: 4.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical