CVE-2008-3825 Information
Description
pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when the existing_ticket option is enabled, uses incorrect privileges when reading a Kerberos credential cache, which allows local users to gain privileges by setting the KRB5CCNAME environment variable to an arbitrary cache filename and running the (1) su or (2) sudo program. NOTE: there may be a related vector involving sshd that has limited relevance.
Reference
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
http://secunia.com/advisories/32119
http://secunia.com/advisories/32135
http://secunia.com/advisories/32174
http://secunia.com/advisories/43314
http://www.mandriva.com/security/advisories?name=MDVSA-2008:209
http://www.redhat.com/support/errata/RHSA-2008-0907.html
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://www.securityfocus.com/bid/31534
http://www.securitytracker.com/id?1020978
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
https://bugzilla.redhat.com/show_bug.cgi?id=461960
https://exchange.xforce.ibmcloud.com/vulnerabilities/45635
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10923
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00150.html
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00166.html