« Sun Alert 258068... | Main | Sun Alert 259468... »
21 May 2009 Sun Alert 252767 A Security Vulnerability in the Solaris Kerberos PAM Module May Allow Use of a User Specified Kerberos Configuration File, Leading to Escalation of Privileges
posted by chandan in Alerts
Product: Sun Enterprise Authentication Mechanism 1.0.1 Solaris 9 Operating System Solaris 10 Operating System OpenSolaris

A security vulnerability in the Solaris Kerberos (see kerberos(5)) pam_krb5(5) PAM module may allow a user supplied Kerberos configuration file to be used to specify realm and KDC server information, thereby allowing certain remote unprivileged users or applications to gain elevated privileges.

Sun acknowledges with thanks, Russ Allbery and Steven Luo for bringing this issue to our attention.

This issue is also described in the following documents:


State: Resolved
First released: 10-Mar-2009
Sun Alert Link: http://sunsolve.sun.com/search/document.do?assetkey=1-66-252767-1
Permalink |
Comments:

Post a Comment:

Comments are closed for this entry.

« Sun Alert 258068... | Main | Sun Alert 259468... »

Sun Certified Security Administrator

Download Solaris
Patches and Updates
Download Solaris Security Toolkit

« December 2009
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
  
       
Today


Company Info   |   Contact   |   Terms of Use   |   Privacy   |   Trademarks   |   Copyright 2008 Sun Microsystems, Inc.