CVE-2009-0360

N/A Unknown
Published: February 13, 2009 Modified: April 23, 2026
View on NVD

Description

Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://secunia.com/advisories/33914
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/33917
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/34260
Source: cve@mitre.org
http://secunia.com/advisories/34449
Source: cve@mitre.org
http://security.gentoo.org/glsa/glsa-200903-39.xml
Source: cve@mitre.org
http://securitytracker.com/id?1021711
Source: cve@mitre.org
http://sunsolve.sun.com/search/document.do?assetkey=1-66-252767-1
Source: cve@mitre.org
http://support.avaya.com/elmodocs2/security/ASA-2009-070.htm
Source: cve@mitre.org
http://www.debian.org/security/2009/dsa-1721
Source: cve@mitre.org
http://www.eyrie.org/~eagle/software/pam-krb5/security/2009-02-11.html
Source: cve@mitre.org
Vendor Advisory
http://www.securityfocus.com/archive/1/500892/100/0/threaded
Source: cve@mitre.org
http://www.securityfocus.com/bid/33740
Source: cve@mitre.org
http://www.ubuntu.com/usn/USN-719-1
Source: cve@mitre.org
http://www.vupen.com/english/advisories/2009/0410
Source: cve@mitre.org
http://www.vupen.com/english/advisories/2009/0426
Source: cve@mitre.org
http://www.vupen.com/english/advisories/2009/0979
Source: cve@mitre.org
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5669
Source: cve@mitre.org
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5732
Source: cve@mitre.org
http://secunia.com/advisories/33914
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/33917
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/34260
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/34449
Source: af854a3a-2127-422b-91ae-364da2661108
http://security.gentoo.org/glsa/glsa-200903-39.xml
Source: af854a3a-2127-422b-91ae-364da2661108
http://securitytracker.com/id?1021711
Source: af854a3a-2127-422b-91ae-364da2661108
http://sunsolve.sun.com/search/document.do?assetkey=1-66-252767-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://support.avaya.com/elmodocs2/security/ASA-2009-070.htm
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2009/dsa-1721
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.eyrie.org/~eagle/software/pam-krb5/security/2009-02-11.html
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/archive/1/500892/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/33740
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/USN-719-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2009/0410
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2009/0426
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2009/0979
Source: af854a3a-2127-422b-91ae-364da2661108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5669
Source: af854a3a-2127-422b-91ae-364da2661108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5732
Source: af854a3a-2127-422b-91ae-364da2661108

36 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.2%
48th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-287

Affected Vendors

eyrie

Related CVEs

CVE-2026-6982 6.3
CVE-2026-6981 6.3
CVE-2026-6980 7.3
CVE-2026-6979 6.3
CVE-2026-6978 4.7