RedHat Update for pam_krb5 RHSA-2008:0907-01

Solution
Please install the updated packages.
Insight
The pam_krb5 module allows Pluggable Authentication Modules (PAM) aware applications to use Kerberos to verify user identities by obtaining user credentials at log in time. A flaw was found in the pam_krb5 "existing_ticket" configuration option. If a system is configured to use an existing credential cache via the "existing_ticket" option, it may be possible for a local user to gain elevated privileges by using a different, local user's credential cache. (CVE-2008-3825) Red Hat would like to thank Stéphane Bertin for responsibly disclosing this issue. Users of pam_krb5 should upgrade to this updated package, which contains a backported patch to resolve this issue.
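An added example, not part of the Red Hat advisory: a Python check that lists the PAM service lines where pam_krb5 is loaded with existing_ticket, so hosts using the affected option can be prioritised for the update. It assumes the option appears as a literal module argument in files under /etc/pam.d (a setting made elsewhere is not inspected), and the sample files are constructed.

```python
import re
from pathlib import Path

# Constructed sample PAM service files (not taken from a real host).
SAMPLE = {
    "system-auth": (
        "auth  required    pam_env.so\n"
        "auth  sufficient  pam_krb5.so use_first_pass existing_ticket\n"
        "# auth sufficient pam_krb5.so existing_ticket (commented out)\n"
    ),
    "sshd": (
        "auth  sufficient  pam_krb5.so \\\n"
        "      use_first_pass\n"
        "account [default=bad success=ok] pam_krb5.so\n"
    ),
}

def logical_lines(text):
    """Yield (first_line_number, text) with comments removed and '\\' continuations joined."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        start = start or n
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield start, buf.strip()
        buf, start = "", None
    if buf.strip():  # file ended in the middle of a continued line
        yield start, buf.strip()

def find_existing_ticket(files):
    """Return (file, line, module_args) for each active pam_krb5 line using existing_ticket."""
    hits = []
    for name, text in sorted(files.items()):
        for n, line in logical_lines(text):
            # Collapse a bracketed control field so its inner spaces are not tokens.
            tokens = re.sub(r"\[[^\]]*\]", "[ctl]", line).split()
            mod = next((i for i, t in enumerate(tokens)
                        if t.split("/")[-1].startswith("pam_krb5")), None)
            if mod is not None and "existing_ticket" in tokens[mod + 1:]:
                hits.append((name, n, tokens[mod + 1:]))
    return hits

if __name__ == "__main__":
    pam_dir = Path("/etc/pam.d")  # falls back to the constructed sample if absent
    files = {p.name: p.read_text(errors="replace") for p in pam_dir.glob("*") if p.is_file()}
    print(find_existing_ticket(files or SAMPLE))
```

An empty result means no active pam_krb5 line passes existing_ticket as a module argument; the package update is still the fix the advisory calls for.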
Affected
pam_krb5 on Red Hat Enterprise Linux (v. 5 server)
References