MandrivaUsers.org > Advisories MDVSA-2008:209: pam

Full Version: Advisories MDVSA-2008:209: pam_krb5

MandrivaUsers.org > Announcements > Mandriva Security Advisories

paul

Oct 4 2008, 12:13 AM

StÃ©phane Bertin discovered a flaw in the pam_krb5 existing_ticket
configuration option where, if enabled and using an existing credential
cache, it was possible for a local user to gain elevated privileges
by using a different, local user's credential cache (CVE-2008-3825).

The updated packages have been patched to prevent this issue.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.