CVE-2006-3083

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2006-3083
The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt
http://secunia.com/advisories/21402 Vendor Advisory
http://secunia.com/advisories/21423 Vendor Advisory
http://secunia.com/advisories/21436 Vendor Advisory
http://secunia.com/advisories/21439 Vendor Advisory
http://secunia.com/advisories/21441 Vendor Advisory
http://secunia.com/advisories/21456 Vendor Advisory
http://secunia.com/advisories/21461 Vendor Advisory
http://secunia.com/advisories/21467 Vendor Advisory
http://secunia.com/advisories/21527 Vendor Advisory
http://secunia.com/advisories/21613 Vendor Advisory
http://secunia.com/advisories/21847 Vendor Advisory
http://secunia.com/advisories/22291 Vendor Advisory
http://security.gentoo.org/glsa/glsa-200608-21.xml
http://securitytracker.com/id?1016664
http://support.avaya.com/elmodocs2/security/ASA-2006-211.htm
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-1146
http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml
http://www.kb.cert.org/vuls/id/580124 Patch US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2006:139
http://www.novell.com/linux/security/advisories/2006_20_sr.html
http://www.novell.com/linux/security/advisories/2006_22_sr.html
http://www.osvdb.org/27869
http://www.osvdb.org/27870
http://www.pdc.kth.se/heimdal/advisory/2006-08-08/
http://www.redhat.com/support/errata/RHSA-2006-0612.html Patch Vendor Advisory
http://www.securityfocus.com/archive/1/442599/100/0/threaded
http://www.securityfocus.com/archive/1/443498/100/100/threaded
http://www.securityfocus.com/bid/19427
http://www.ubuntu.com/usn/usn-334-1
http://www.vupen.com/english/advisories/2006/3225 Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9515
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:heimdal:heimdal:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:*
History

No history.

Information

Published : 2006-08-09 10:04

Updated : 2023-12-10 10:28

NVD link : CVE-2006-3083

Mitre link : CVE-2006-3083

CVE.ORG link : CVE-2006-3083

JSON object : View

Products Affected

heimdal

  • heimdal

mit

  • kerberos_5
CWE
CWE-399

Resource Management Errors