Vulnerability details: VCID-h411-6zh8-aaan
Vulnerability ID VCID-h411-6zh8-aaan
Aliases CVE-2009-0360
Summary Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application.
Status Published
Exploitability 2.0
Weighted Severity 5.6
Risk 10.0
System Score Found at
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2009-0360
epss 0.00127 https://api.first.org/data/v1/epss?cve=CVE-2009-0360
epss 0.0015 https://api.first.org/data/v1/epss?cve=CVE-2009-0360
cvssv2 6.2 https://nvd.nist.gov/vuln/detail/CVE-2009-0360
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0360.json
https://api.first.org/data/v1/epss?cve=CVE-2009-0360
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0360
http://secunia.com/advisories/33914
http://secunia.com/advisories/33917
http://secunia.com/advisories/34260
http://secunia.com/advisories/34449
http://security.gentoo.org/glsa/glsa-200903-39.xml
http://securitytracker.com/id?1021711
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5669
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5732
http://sunsolve.sun.com/search/document.do?assetkey=1-66-252767-1
http://support.avaya.com/elmodocs2/security/ASA-2009-070.htm
http://www.debian.org/security/2009/dsa-1721
http://www.eyrie.org/~eagle/software/pam-krb5/security/2009-02-11.html
http://www.securityfocus.com/archive/1/500892/100/0/threaded
http://www.securityfocus.com/bid/33740
http://www.ubuntu.com/usn/USN-719-1
http://www.vupen.com/english/advisories/2009/0410
http://www.vupen.com/english/advisories/2009/0426
http://www.vupen.com/english/advisories/2009/0979
cpe:2.3:a:eyrie:pam-krb5:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eyrie:pam-krb5:*:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eyrie:pam-krb5:2.0:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eyrie:pam-krb5:2.1:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eyrie:pam-krb5:2.2:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:2.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eyrie:pam-krb5:2.3:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:2.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eyrie:pam-krb5:2.4:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:2.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eyrie:pam-krb5:2.5:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:2.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eyrie:pam-krb5:2.6:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eyrie:pam-krb5:3.0:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eyrie:pam-krb5:3.1:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:3.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eyrie:pam-krb5:3.10:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:3.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eyrie:pam-krb5:3.11:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:3.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eyrie:pam-krb5:3.2:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:3.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eyrie:pam-krb5:3.3:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:3.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eyrie:pam-krb5:3.4:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:3.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eyrie:pam-krb5:3.5:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:3.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eyrie:pam-krb5:3.6:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:3.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eyrie:pam-krb5:3.7:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:3.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eyrie:pam-krb5:3.8:*:*:*:*:*:*:*
cpe:2.3:a:eyrie:pam-krb5:3.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eyrie:pam-krb5:3.9:*:*:*:*:*:*:*
CVE-2009-0360 https://nvd.nist.gov/vuln/detail/CVE-2009-0360
GLSA-200903-39 https://security.gentoo.org/glsa/200903-39
GLSA-201412-08 https://security.gentoo.org/glsa/201412-08
OSVDB-54343;CVE-2009-0360 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/8303.c
USN-719-1 https://usn.ubuntu.com/719-1/
Data source Exploit-DB
Date added March 28, 2009
Description pam-krb5 < 3.13 - Local Privilege Escalation
Ransomware campaign use Known
Source publication date March 29, 2009
Exploit type local
Platform linux
Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2009-0360
Exploit Prediction Scoring System (EPSS)
Percentile 0.00344
EPSS Score 0.00042
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.