CVE-2006-3083
Published: Aug 9, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| MDKSA-2006:139 | vendor-advisory, x_refsource_MANDRIVA |
| VU#580124 | third-party-advisory, x_refsource_CERT-VN |
| http://support.avaya.com/elmodocs2/security/ASA-2006-211.htm | x_refsource_CONFIRM |
| http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt | x_refsource_CONFIRM |
| 27869 | vdb-entry, x_refsource_OSVDB |
| 21847 | third-party-advisory, x_refsource_SECUNIA |
| SUSE-SR:2006:020 | vendor-advisory, x_refsource_SUSE |
| GLSA-200608-21 | vendor-advisory, x_refsource_GENTOO |
| 21461 | third-party-advisory, x_refsource_SECUNIA |
| 21467 | third-party-advisory, x_refsource_SECUNIA |
| DSA-1146 | vendor-advisory, x_refsource_DEBIAN |
| RHSA-2006:0612 | vendor-advisory, x_refsource_REDHAT |
| 21436 | third-party-advisory, x_refsource_SECUNIA |
| ADV-2006-3225 | vdb-entry, x_refsource_VUPEN |
| 21527 | third-party-advisory, x_refsource_SECUNIA |
| 27870 | vdb-entry, x_refsource_OSVDB |
| http://www.pdc.kth.se/heimdal/advisory/2006-08-08/ | x_refsource_CONFIRM |
| 20060808 MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities | mailing-list, x_refsource_BUGTRAQ |
| oval:org.mitre.oval:def:9515 | vdb-entry, signature, x_refsource_OVAL |
| 21439 | third-party-advisory, x_refsource_SECUNIA |
| 21402 | third-party-advisory, x_refsource_SECUNIA |
| 20060816 UPDATED: MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities | mailing-list, x_refsource_BUGTRAQ |
| 21613 | third-party-advisory, x_refsource_SECUNIA |
| SUSE-SR:2006:022 | vendor-advisory, x_refsource_SUSE |
| 1016664 | vdb-entry, x_refsource_SECTRACK |
| 21441 | third-party-advisory, x_refsource_SECUNIA |
| 22291 | third-party-advisory, x_refsource_SECUNIA |
| 21456 | third-party-advisory, x_refsource_SECUNIA |
| GLSA-200608-15 | vendor-advisory, x_refsource_GENTOO |
| 21423 | third-party-advisory, x_refsource_SECUNIA |
| USN-334-1 | vendor-advisory, x_refsource_UBUNTU |
| 19427 | vdb-entry, x_refsource_BID |