Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3084

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2006-3084
Last Modified 25 Jul 2011 12:00:00
Published 09 Aug 2006 06:04:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-3084

Summary

The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues.

Vulnerable Systems

Application

  • Heimdal 0.7.2

  • Mit Kerberos 5-1.4

  • Mit Kerberos 5-1.4.1

  • Mit Kerberos 5-1.4.2

  • Mit Kerberos 5-1.4.3

  • Mit Kerberos 5-1.5


References

CERT-VN - VU#401660

VUPEN - ADV-2006-3225

UBUNTU - USN-334-1

BID - 19427

BUGTRAQ - 20060816 UPDATED: MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities

BUGTRAQ - 20060808 MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities

CONFIRM - http://www.pdc.kth.se/heimdal/advisory/2006-08-08/

OSVDB - 27872

OSVDB - 27871

SUSE - SUSE-SR:2006:020

GENTOO - GLSA-200608-15

DEBIAN - DSA-1146

CONFIRM - http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt

SECTRACK - 1016664

GENTOO - GLSA-200608-21

SECUNIA - 23707

SECUNIA - 21613

SECUNIA - 21527

SECUNIA - 21467

SECUNIA - 21461

SECUNIA - 21439

SECUNIA - 21436

SECUNIA - 21402

FEDORA - FEDORA-2007-034

CONFIRM - ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt


Last Updated: 27 May 2016 10:42:52