Rapid7 Vulnerability & Exploit Database

SUSE Linux Security Vulnerability: CVE-2008-3825

Back to Search

SUSE Linux Security Vulnerability: CVE-2008-3825

Severity

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

10/03/2008

Created

07/25/2018

Added

02/17/2015

Modified

07/04/2017

Description

pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when the existing_ticket option is enabled, uses incorrect privileges when reading a Kerberos credential cache, which allows local users to gain privileges by setting the KRB5CCNAME environment variable to an arbitrary cache filename and running the (1) su or (2) sudo program. NOTE: there may be a related vector involving sshd that has limited relevance.

Solution(s)

suse-upgrade-pam_krb5
suse-upgrade-pam_krb5-32bit
suse-upgrade-pam_krb5-64bit
suse-upgrade-suse-release

References

https://attackerkb.com/topics/cve-2008-3825
31534
CVE - 2008-3825
Category I
V0027158
2011-A-0066
OVAL10923
RHSA-2008:0907
45635

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

SUSE Linux Security Vulnerability: CVE-2008-3825