CVE-2009-0360

pam-krb5 <3.13 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0360. PoCs published by Jon Oberheide.

AI-analyzed exploit summary This exploit leverages CVE-2009-0360 to escalate privileges locally by manipulating Kerberos configuration files and launching a fake KDC. It abuses pam-krb5's improper initialization to trick setuid applications into granting root access.

Description

Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jon Oberheide · clocallinux

https://www.exploit-db.com/exploits/8303

View Code ZIP pw:eip

This exploit leverages CVE-2009-0360 to escalate privileges locally by manipulating Kerberos configuration files and launching a fake KDC. It abuses pam-krb5's improper initialization to trick setuid applications into granting root access.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: pam-krb5 < 3.13 (linked against MIT Kerberos)

No auth needed

Prerequisites: Local access to the target system · pam-krb5 module configured for su authentication · MIT Kerberos libraries in use

MITRE ATT&CK

T1548.001 - Setuid and Setgid T1556.001 - Domain Controller Authentication

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (18)

Core 18

Core References

Vendor Advisory vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-66-252767-1

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5732

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-719-1

Vendor Advisory x_refsource_confirm

http://support.avaya.com/elmodocs2/security/ASA-2009-070.htm

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/33917

Vendor Advisory x_refsource_misc

http://www.eyrie.org/~eagle/software/pam-krb5/security/2009-02-11.html

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5669

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/34260

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/33914

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/0426

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1021711

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/0410

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/34449

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2009/dsa-1721

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/500892/100/0/threaded

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200903-39.xml

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/33740

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/0979

Scores

EPSS 0.0069

EPSS Percentile 48.1%

Details

CWE

CWE-287

Status published

Products (20)

eyrie/pam-krb5 2.0

eyrie/pam-krb5 2.1

eyrie/pam-krb5 2.2

eyrie/pam-krb5 2.3

eyrie/pam-krb5 2.4

eyrie/pam-krb5 2.5

eyrie/pam-krb5 2.6

eyrie/pam-krb5 3.0

eyrie/pam-krb5 3.1

eyrie/pam-krb5 3.2

... and 10 more

Published Feb 13, 2009

Tracked Since Feb 18, 2026