1
PublicDateAtUSN: 2009-02-13
2
Candidate: CVE-2009-0361
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0361
6
https://usn.ubuntu.com/usn/usn-719-1
8
Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris
9
10, and other software, does not properly handle calls to pam_setcred when
10
running setuid, which allows local users to overwrite and change the
11
ownership of arbitrary files by setting the KRB5CCNAME environment
12
variable, and then launching a setuid application that performs certain
13
pam_setcred operations.
21
Patches_libpam-heimdal:
22
upstream_libpam-heimdal: released (3.10-2.1)
23
dapper_libpam-heimdal: ignored (reached end-of-life)
24
gutsy_libpam-heimdal: needs-triage (reached end-of-life)
25
hardy_libpam-heimdal: ignored (reached end-of-life)
26
intrepid_libpam-heimdal: needed (reached end-of-life)
27
jaunty_libpam-heimdal: not-affected (3.10-2.1ubuntu1)
28
karmic_libpam-heimdal: not-affected (3.10-2.1ubuntu1)
29
lucid_libpam-heimdal: not-affected (3.15-2ubuntu1)
30
maverick_libpam-heimdal: not-affected (3.15-2ubuntu1)
31
natty_libpam-heimdal: not-affected (3.15-2ubuntu1)
32
oneiric_libpam-heimdal: DNE (pulled 2010-07-27)
33
devel_libpam-heimdal: DNE (pulled 2010-07-27)
36
upstream_libpam-krb5: released (3.11-4)
37
dapper_libpam-krb5: ignored (reached end-of-life)
38
gutsy_libpam-krb5: needed (reached end-of-life)
39
hardy_libpam-krb5: released (3.10-1ubuntu0.8.04.1)
40
intrepid_libpam-krb5: released (3.10-1ubuntu0.8.10.1)
41
jaunty_libpam-krb5: released (3.11-4ubuntu1)
42
karmic_libpam-krb5: released (3.11-4ubuntu1)
43
lucid_libpam-krb5: released (3.11-4ubuntu1)
44
maverick_libpam-krb5: released (3.11-4ubuntu1)
45
natty_libpam-krb5: released (3.11-4ubuntu1)
46
oneiric_libpam-krb5: released (3.11-4ubuntu1)
47
devel_libpam-krb5: released (3.11-4ubuntu1)