VULHUB ™

Kerberos 5 includes a version of 'su', a utility that can be used by a user to change user-identity while logged in. This utility is known as 'k5su'. k5su uses the getlogin() function to obtain the username. If the username 'root' is returned, the program functions as though root is using it and does not request passwords. Under certain circumstances, users may have 'root' returned by getlogin(). This may occur if their username is explicitly set to 'root' or if a process lowers privileges but does not set a new login name via setlogin().

Kerberos 5 includes a version of 'su', a utility that can be used by a user to change user-identity while logged in. This utility is known as 'k5su'. k5su uses the getlogin() function to obtain the username. If the username 'root' is returned, the program functions as though root is using it and does not request passwords. Under certain circumstances, users may have 'root' returned by getlogin(). This may occur if their username is explicitly set to 'root' or if a process lowers privileges but does not set a new login name via setlogin().