Back to search
CVE-2007-3149
Published: Jun 11, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. NOTE: another researcher disputes this vulnerability, stating that the attacker must be "a user, who can already log into your system, and can already use sudo."
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
24368
vdb-entry
x_refsource_BID
http://www.sudo.ws/cgi-bin/cvsweb/sudo/auth/kerb5.c
x_refsource_CONFIRM
20070607 MIT krb5: makes sudo authentication issue MUCH worse.
mailing-list
x_refsource_BUGTRAQ
20070607 Sudo: local root compromise with krb5 enabled
mailing-list
x_refsource_BUGTRAQ
26540
third-party-advisory
x_refsource_SECUNIA
20070607 Re: Sudo: local root compromise with krb5 enabled
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now