A security vulnerability in pam-krb5 allowing overwrite and chown of arbitrary files via Solaris su was discovered by Derek Chan and reported by Steven Luo on 2009-01-29. Subsequent code auditing for behavior in setuid applications uncovered another, more general and more serious bug that could result in privilege escalation.

Reproducible: Always
Steps to Reproduce:
These issues were addressed in GLSA 200903-39. Please do a search before posting new bugs (and be sure to include closed bugs, too).

*** This bug has been marked as a duplicate of bug 257075 ***