CVE-2006-3084

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2006-3084
The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues.

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt
http://www.kb.cert.org/vuls/id/401660 US Government Resource
http://www.debian.org/security/2006/dsa-1146
http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml
http://www.ubuntu.com/usn/usn-334-1
http://www.securityfocus.com/bid/19427
http://securitytracker.com/id?1016664
http://secunia.com/advisories/21439 Vendor Advisory
http://secunia.com/advisories/21461 Vendor Advisory
http://secunia.com/advisories/21402 Vendor Advisory
http://secunia.com/advisories/21527 Vendor Advisory
http://www.novell.com/linux/security/advisories/2006_20_sr.html
http://security.gentoo.org/glsa/glsa-200608-21.xml
http://fedoranews.org/cms/node/2376
http://secunia.com/advisories/23707 Vendor Advisory
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt
http://www.pdc.kth.se/heimdal/advisory/2006-08-08/
http://www.osvdb.org/27871
http://www.osvdb.org/27872
http://secunia.com/advisories/21436 Vendor Advisory
http://secunia.com/advisories/21613 Vendor Advisory
http://secunia.com/advisories/21467 Vendor Advisory
http://www.vupen.com/english/advisories/2006/3225 Vendor Advisory
http://www.securityfocus.com/archive/1/443498/100/100/threaded
http://www.securityfocus.com/archive/1/442599/100/0/threaded
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:*
cpe:2.3:a:heimdal:heimdal:*:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:*
Information

Published : 2006-08-09 03:04

Updated : 2020-01-21 07:45

NVD link : CVE-2006-3084

Mitre link : CVE-2006-3084

JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa
Products Affected

heimdal

  • heimdal

mit

  • kerberos_5