CVE-2006-0582

Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2, when storing forwarded credentials, allows attackers to overwrite arbitrary files and change file ownership via unknown vectors.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/18733	Patch Vendor Advisory
http://secunia.com/advisories/18806	Patch Vendor Advisory
http://secunia.com/advisories/18894	Patch Vendor Advisory
http://secunia.com/advisories/19005	Patch Vendor Advisory
http://secunia.com/advisories/19302	Patch Vendor Advisory
http://securitytracker.com/id?1015591
http://www.debian.org/security/2006/dsa-977	Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200603-14.xml	Patch Vendor Advisory
http://www.osvdb.org/22986
http://www.pdc.kth.se/heimdal/advisory/2006-02-06/	Patch
http://www.securityfocus.com/archive/1/426043/100/0/threaded
http://www.securityfocus.com/bid/16524	Patch
http://www.stacken.kth.se/lists/heimdal-discuss/2006-02/msg00028.html
http://www.ubuntu.com/usn/usn-253-1
http://www.vupen.com/english/advisories/2006/0456	Vendor Advisory
http://www.vupen.com/english/advisories/2006/0628	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/24532
https://usn.ubuntu.com/247-1/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:kth:heimdal:0.6.1:::::::*
	cpe:2.3:a:kth:heimdal:0.6.2:::::::*
	cpe:2.3:a:kth:heimdal:0.6.3:::::::*
	cpe:2.3:a:kth:heimdal:0.6.4:::::::*
	cpe:2.3:a:kth:heimdal:0.6.5:::::::*
	cpe:2.3:a:kth:heimdal:0.7.1:::::::*
	cpe:2.3:a:kth:heimdal:0.7.1.1:::::::*
	cpe:2.3:a:kth:heimdal:0.7.1.2:::::::*
	cpe:2.3:a:kth:heimdal:0.7.1.3:::::::*

History

No history.

Information

Published : 2006-02-08 01:02

Updated : 2023-12-10 10:28

NVD link : CVE-2006-0582

Mitre link : CVE-2006-0582

CVE.ORG link : CVE-2006-0582

JSON object : View

Products Affected

kth

heimdal

CWE

NVD-CWE-noinfo

{"id": "CVE-2006-0582", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-02-08T01:02:00.000", "references": [{"url": "http://secunia.com/advisories/18733", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/18806", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/18894", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/19005", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/19302", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1015591", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2006/dsa-977", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-14.xml", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/22986", "source": "cve@mitre.org"}, {"url": "http://www.pdc.kth.se/heimdal/advisory/2006-02-06/", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/426043/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/16524", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.stacken.kth.se/lists/heimdal-discuss/2006-02/msg00028.html", "source": "cve@mitre.org"}, {"url": "http://www.ubuntu.com/usn/usn-253-1", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/0456", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/0628", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24532", "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/247-1/", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2, when storing forwarded credentials, allows attackers to overwrite arbitrary files and change file ownership via unknown vectors."}, {"lang": "es", "value": "Vulnerabilidad no especificada en Heimdal 0.6.x anteriores a 0.6.6 y 0.7.x anteriores a 0.7.2 cuando se almacenan credenciales remitidos, permite a atacantes sobreescribir ficheros de su elecci\u00f3n y cambiar la propiedad de los ficheros mediante vectores desconocidos."}], "lastModified": "2018-10-19T15:45:24.850", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kth:heimdal:0.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F1CE868-E352-422A-BC84-94A6781D7119"}, {"criteria": "cpe:2.3:a:kth:heimdal:0.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4940AAA1-A24F-46CC-B6EA-AE501D6AADE7"}, {"criteria": "cpe:2.3:a:kth:heimdal:0.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "603FCBB1-D450-4F34-A391-5C629294F3F5"}, {"criteria": "cpe:2.3:a:kth:heimdal:0.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5956639B-01FC-44C7-8CA9-1A7F5805C029"}, {"criteria": "cpe:2.3:a:kth:heimdal:0.6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "127A27A4-D022-468C-9389-7D571D4E1901"}, {"criteria": "cpe:2.3:a:kth:heimdal:0.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25DE2636-A566-4E90-BA21-E50B5505C79F"}, {"criteria": "cpe:2.3:a:kth:heimdal:0.7.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C375B952-22B2-4D90-A80F-FCC5C394BFA6"}, {"criteria": "cpe:2.3:a:kth:heimdal:0.7.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08DF5422-8DB9-427F-BDFB-D8C667366F08"}, {"criteria": "cpe:2.3:a:kth:heimdal:0.7.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "237363DB-8160-4B5D-B15E-F3D380C31251"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}