CVE-2009-0360 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2009-0360 Interim 1 3 2021-06-09T08:48:19Z current 2021-05-30T12:45:45Z 2021-06-09T08:48:19Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2009-0360 Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application. CVE-2009-0360 moderate 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C