QwikSec

Security Database

CVE

CWE

Training

CVE-2006-3084

Published: Aug 9, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

FEDORA-2007-034

vendor-advisory

x_refsource_FEDORA

http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt

x_refsource_CONFIRM

SUSE-SR:2006:020

vendor-advisory

x_refsource_SUSE

third-party-advisory

x_refsource_CERT-VN

vendor-advisory

x_refsource_GENTOO

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_OSVDB

vendor-advisory

x_refsource_DEBIAN

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_VUPEN

third-party-advisory

x_refsource_SECUNIA

http://www.pdc.kth.se/heimdal/advisory/2006-08-08/

x_refsource_CONFIRM

20060808 MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities

mailing-list

x_refsource_BUGTRAQ

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

20060816 UPDATED: MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities

mailing-list

x_refsource_BUGTRAQ

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_SECTRACK

vendor-advisory

x_refsource_GENTOO

vdb-entry

x_refsource_OSVDB

vendor-advisory

x_refsource_UBUNTU

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.