CVE-2006-3084

The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt
http://www.kb.cert.org/vuls/id/401660	US Government Resource
http://www.debian.org/security/2006/dsa-1146
http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml
http://www.ubuntu.com/usn/usn-334-1
http://www.securityfocus.com/bid/19427
http://securitytracker.com/id?1016664
http://secunia.com/advisories/21439	Vendor Advisory
http://secunia.com/advisories/21461	Vendor Advisory
http://secunia.com/advisories/21402	Vendor Advisory
http://secunia.com/advisories/21527	Vendor Advisory
http://www.novell.com/linux/security/advisories/2006_20_sr.html
http://security.gentoo.org/glsa/glsa-200608-21.xml
http://fedoranews.org/cms/node/2376
http://secunia.com/advisories/23707	Vendor Advisory
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt
http://www.pdc.kth.se/heimdal/advisory/2006-08-08/
http://www.osvdb.org/27871
http://www.osvdb.org/27872
http://secunia.com/advisories/21436	Vendor Advisory
http://secunia.com/advisories/21613	Vendor Advisory
http://secunia.com/advisories/21467	Vendor Advisory
http://www.vupen.com/english/advisories/2006/3225	Vendor Advisory
http://www.securityfocus.com/archive/1/443498/100/100/threaded
http://www.securityfocus.com/archive/1/442599/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mit:kerberos_5:1.5:::::::*
	cpe:2.3:a:heimdal:heimdal::::::::
	cpe:2.3:a:mit:kerberos_5:1.4:::::::*
	cpe:2.3:a:mit:kerberos_5:1.4.1:::::::*
	cpe:2.3:a:mit:kerberos_5:1.4.2:::::::*
	cpe:2.3:a:mit:kerberos_5:1.4.3:::::::*

Information

Published : 2006-08-09 03:04

Updated : 2020-01-21 07:45

NVD link : CVE-2006-3084

Mitre link : CVE-2006-3084

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Products Affected

heimdal

heimdal

mit

kerberos_5

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt", "name": "http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.kb.cert.org/vuls/id/401660", "name": "VU#401660", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.debian.org/security/2006/dsa-1146", "name": "DSA-1146", "tags": [], "refsource": "DEBIAN"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml", "name": "GLSA-200608-15", "tags": [], "refsource": "GENTOO"}, {"url": "http://www.ubuntu.com/usn/usn-334-1", "name": "USN-334-1", "tags": [], "refsource": "UBUNTU"}, {"url": "http://www.securityfocus.com/bid/19427", "name": "19427", "tags": [], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1016664", "name": "1016664", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/21439", "name": "21439", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21461", "name": "21461", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21402", "name": "21402", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21527", "name": "21527", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.novell.com/linux/security/advisories/2006_20_sr.html", "name": "SUSE-SR:2006:020", "tags": [], "refsource": "SUSE"}, {"url": "http://security.gentoo.org/glsa/glsa-200608-21.xml", "name": "GLSA-200608-21", "tags": [], "refsource": "GENTOO"}, {"url": "http://fedoranews.org/cms/node/2376", "name": "FEDORA-2007-034", "tags": [], "refsource": "FEDORA"}, {"url": "http://secunia.com/advisories/23707", "name": "23707", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt", "name": "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.pdc.kth.se/heimdal/advisory/2006-08-08/", "name": "http://www.pdc.kth.se/heimdal/advisory/2006-08-08/", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.osvdb.org/27871", "name": "27871", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/27872", "name": "27872", "tags": [], "refsource": "OSVDB"}, {"url": "http://secunia.com/advisories/21436", "name": "21436", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21613", "name": "21613", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21467", "name": "21467", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2006/3225", "name": "ADV-2006-3225", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://www.securityfocus.com/archive/1/443498/100/100/threaded", "name": "20060816 UPDATED: MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/442599/100/0/threaded", "name": "20060808 MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-3084", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-08-09T10:04Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:heimdal:heimdal:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "0.7.2"}, {"cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2020-01-21T15:45Z"}

7.2 /10