CVE-2006-3083

The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt	Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/580124	Patch US Government Resource
http://www.redhat.com/support/errata/RHSA-2006-0612.html	Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-1146
http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml
http://www.ubuntu.com/usn/usn-334-1
http://www.securityfocus.com/bid/19427
http://securitytracker.com/id?1016664
http://secunia.com/advisories/21423	Vendor Advisory
http://secunia.com/advisories/21439	Vendor Advisory
http://secunia.com/advisories/21461	Vendor Advisory
http://secunia.com/advisories/21402	Vendor Advisory
http://secunia.com/advisories/21441	Vendor Advisory
http://secunia.com/advisories/21456	Vendor Advisory
http://secunia.com/advisories/21527	Vendor Advisory
http://www.novell.com/linux/security/advisories/2006_20_sr.html
http://security.gentoo.org/glsa/glsa-200608-21.xml
http://www.novell.com/linux/security/advisories/2006_22_sr.html
http://support.avaya.com/elmodocs2/security/ASA-2006-211.htm
http://secunia.com/advisories/22291	Vendor Advisory
http://secunia.com/advisories/21847	Vendor Advisory
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt
http://www.pdc.kth.se/heimdal/advisory/2006-08-08/
http://www.osvdb.org/27869
http://www.osvdb.org/27870
http://secunia.com/advisories/21436	Vendor Advisory
http://secunia.com/advisories/21613	Vendor Advisory
http://secunia.com/advisories/21467	Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:139
http://www.vupen.com/english/advisories/2006/3225	Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9515
http://www.securityfocus.com/archive/1/443498/100/100/threaded
http://www.securityfocus.com/archive/1/442599/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:heimdal:heimdal:0.7.2:::::::*
	cpe:2.3:a:mit:kerberos_5:1.4.2:::::::*
	cpe:2.3:a:mit:kerberos_5:1.4.3:::::::*
	cpe:2.3:a:mit:kerberos_5:1.4:::::::*
	cpe:2.3:a:mit:kerberos_5:1.4.1:::::::*
	cpe:2.3:a:mit:kerberos_5:1.5:::::::*

Information

Published : 2006-08-09 03:04

Updated : 2020-01-21 07:45

NVD link : CVE-2006-3083

Mitre link : CVE-2006-3083

JSON object : View

CWE

CWE-399

Resource Management Errors

Products Affected

heimdal

heimdal

mit

kerberos_5

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt", "name": "http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.kb.cert.org/vuls/id/580124", "name": "VU#580124", "tags": ["Patch", "US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.redhat.com/support/errata/RHSA-2006-0612.html", "name": "RHSA-2006:0612", "tags": ["Patch", "Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://www.debian.org/security/2006/dsa-1146", "name": "DSA-1146", "tags": [], "refsource": "DEBIAN"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml", "name": "GLSA-200608-15", "tags": [], "refsource": "GENTOO"}, {"url": "http://www.ubuntu.com/usn/usn-334-1", "name": "USN-334-1", "tags": [], "refsource": "UBUNTU"}, {"url": "http://www.securityfocus.com/bid/19427", "name": "19427", "tags": [], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1016664", "name": "1016664", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/21423", "name": "21423", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21439", "name": "21439", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21461", "name": "21461", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21402", "name": "21402", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21441", "name": "21441", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21456", "name": "21456", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21527", "name": "21527", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.novell.com/linux/security/advisories/2006_20_sr.html", "name": "SUSE-SR:2006:020", "tags": [], "refsource": "SUSE"}, {"url": "http://security.gentoo.org/glsa/glsa-200608-21.xml", "name": "GLSA-200608-21", "tags": [], "refsource": "GENTOO"}, {"url": "http://www.novell.com/linux/security/advisories/2006_22_sr.html", "name": "SUSE-SR:2006:022", "tags": [], "refsource": "SUSE"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-211.htm", "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-211.htm", "tags": [], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/22291", "name": "22291", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21847", "name": "21847", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt", "name": "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.pdc.kth.se/heimdal/advisory/2006-08-08/", "name": "http://www.pdc.kth.se/heimdal/advisory/2006-08-08/", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.osvdb.org/27869", "name": "27869", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/27870", "name": "27870", "tags": [], "refsource": "OSVDB"}, {"url": "http://secunia.com/advisories/21436", "name": "21436", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21613", "name": "21613", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21467", "name": "21467", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:139", "name": "MDKSA-2006:139", "tags": [], "refsource": "MANDRIVA"}, {"url": "http://www.vupen.com/english/advisories/2006/3225", "name": "ADV-2006-3225", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9515", "name": "oval:org.mitre.oval:def:9515", "tags": [], "refsource": "OVAL"}, {"url": "http://www.securityfocus.com/archive/1/443498/100/100/threaded", "name": "20060816 UPDATED: MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/442599/100/0/threaded", "name": "20060808 MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-399"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-3083", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-08-09T10:04Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:heimdal:heimdal:0.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2020-01-21T15:45Z"}

7.2 /10