CVE-2009-0360 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.2 UNKNOWN	LOCAL	HIGH		AV:L/AC:H/Au:N/C:C/I:C/A:C
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 33%

Vendor	Product	Version
eyrie	pam-krb5	𝑥 ≤ 3.12
eyrie	pam-krb5	2.0
eyrie	pam-krb5	2.1
eyrie	pam-krb5	2.2
eyrie	pam-krb5	2.3
eyrie	pam-krb5	2.4
eyrie	pam-krb5	2.5
eyrie	pam-krb5	2.6
eyrie	pam-krb5	3.0
eyrie	pam-krb5	3.1
eyrie	pam-krb5	3.2
eyrie	pam-krb5	3.3
eyrie	pam-krb5	3.4
eyrie	pam-krb5	3.5
eyrie	pam-krb5	3.6
eyrie	pam-krb5	3.7
eyrie	pam-krb5	3.8
eyrie	pam-krb5	3.9
eyrie	pam-krb5	3.10
eyrie	pam-krb5	3.11

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libpam-krb5

bullseye	4.9-2 fixed
bookworm	4.11-1 fixed
sid	4.11-2 fixed
trixie	4.11-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

libpam-krb5

karmic	Fixed 3.11-4ubuntu1 released
jaunty	Fixed 3.11-4ubuntu1 released
intrepid	Fixed 3.10-1ubuntu0.8.10.1 released
hardy	Fixed 3.10-1ubuntu0.8.04.1 released
gutsy	ignored
dapper	ignored

Common Weakness Enumeration

CWE-287 - Improper Authentication
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

References

http://secunia.com/advisories/33914

http://secunia.com/advisories/33917

http://secunia.com/advisories/34260

http://secunia.com/advisories/34449

http://security.gentoo.org/glsa/glsa-200903-39.xml

http://securitytracker.com/id?1021711

http://sunsolve.sun.com/search/document.do?assetkey=1-66-252767-1

http://support.avaya.com/elmodocs2/security/ASA-2009-070.htm

http://www.debian.org/security/2009/dsa-1721

http://www.eyrie.org/~eagle/software/pam-krb5/security/2009-02-11.html

http://www.securityfocus.com/archive/1/500892/100/0/threaded

http://www.securityfocus.com/bid/33740

http://www.ubuntu.com/usn/USN-719-1

http://www.vupen.com/english/advisories/2009/0410

http://www.vupen.com/english/advisories/2009/0426

http://www.vupen.com/english/advisories/2009/0979

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5669

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5732

http://secunia.com/advisories/33914

http://secunia.com/advisories/33917

http://secunia.com/advisories/34260

http://secunia.com/advisories/34449

http://security.gentoo.org/glsa/glsa-200903-39.xml

http://securitytracker.com/id?1021711

http://sunsolve.sun.com/search/document.do?assetkey=1-66-252767-1

http://support.avaya.com/elmodocs2/security/ASA-2009-070.htm

http://www.debian.org/security/2009/dsa-1721

http://www.eyrie.org/~eagle/software/pam-krb5/security/2009-02-11.html

http://www.securityfocus.com/archive/1/500892/100/0/threaded

http://www.securityfocus.com/bid/33740

http://www.ubuntu.com/usn/USN-719-1

http://www.vupen.com/english/advisories/2009/0410

http://www.vupen.com/english/advisories/2009/0426

http://www.vupen.com/english/advisories/2009/0979

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5669

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5732