[ MDVSA-2008:209 ] pam_krb5

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [ MDVSA-2008:209 ] pam_krb5
From: security@xxxxxxxxxxxx
Date: Fri, 03 Oct 2008 17:25:00 -0600
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: <xsecurity@xxxxxxxxxxxx>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:209
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : pam_krb5
 Date    : October 3, 2008
 Affected: 2007.1, 2008.0, 2008.1
 _______________________________________________________________________

 Problem Description:

 StÃ©phane Bertin discovered a flaw in the pam_krb5 existing_ticket
 configuration option where, if enabled and using an existing credential
 cache, it was possible for a local user to gain elevated privileges
 by using a different, local user's credential cache (CVE-2008-3825).
 
 The updated packages have been patched to prevent this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3825
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2007.1:
 92901a92d669d10831a2357da8ac3ff8  
2007.1/i586/pam_krb5-2.2.11-2.1mdv2007.1.i586.rpm 
 e8ba90e174669b8b43bf0bbf9c61831f  
2007.1/SRPMS/pam_krb5-2.2.11-2.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 63e366f352ed36d5e6b7b87a84d25d33  
2007.1/x86_64/pam_krb5-2.2.11-2.1mdv2007.1.x86_64.rpm 
 e8ba90e174669b8b43bf0bbf9c61831f  
2007.1/SRPMS/pam_krb5-2.2.11-2.1mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 d5d6796b990f19316ee7a53d87745d63  
2008.0/i586/pam_krb5-2.2.11-2.1mdv2008.0.i586.rpm 
 8b2d51b298306d43dfde2fe6f9cb0860  
2008.0/SRPMS/pam_krb5-2.2.11-2.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 5cb8c3f5768cdc475bfa81e14244856b  
2008.0/x86_64/pam_krb5-2.2.11-2.1mdv2008.0.x86_64.rpm 
 8b2d51b298306d43dfde2fe6f9cb0860  
2008.0/SRPMS/pam_krb5-2.2.11-2.1mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 2d30041830c5c3db19a23e096a968426  
2008.1/i586/pam_krb5-2.2.11-2.1mdv2008.1.i586.rpm 
 2d1f96e821e05ddba6ffe3d1cee2247b  
2008.1/SRPMS/pam_krb5-2.2.11-2.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 d07f560edf337af6279a888fd695aa49  
2008.1/x86_64/pam_krb5-2.2.11-2.1mdv2008.1.x86_64.rpm 
 2d1f96e821e05ddba6ffe3d1cee2247b  
2008.1/SRPMS/pam_krb5-2.2.11-2.1mdv2008.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFI5nytmqjQ0CJFipgRAsqfAJ9gUQ/XJ8nhzX294hQulpz0ULJtuwCZAV0K
y4avzIV2yDHQt6qdOPEh7Pc=
=IVkL
-----END PGP SIGNATURE-----

Prev by Date: MetaGauge 1.0.0.17 Directory Traversal
Next by Date: [ MDVSA-2008:210 ] mono
Previous by thread: MetaGauge 1.0.0.17 Directory Traversal
Next by thread: [ MDVSA-2008:210 ] mono
Index(es):
- Date
- Thread