ID CVE-2006-0582
Summary Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2, when storing forwarded credentials, allows attackers to overwrite arbitrary files and change file ownership via unknown vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:kth:heimdal:0.6.1
    cpe:2.3:a:kth:heimdal:0.6.1
  • cpe:2.3:a:kth:heimdal:0.6.2
    cpe:2.3:a:kth:heimdal:0.6.2
  • cpe:2.3:a:kth:heimdal:0.6.3
    cpe:2.3:a:kth:heimdal:0.6.3
  • cpe:2.3:a:kth:heimdal:0.6.4
    cpe:2.3:a:kth:heimdal:0.6.4
  • cpe:2.3:a:kth:heimdal:0.6.5
    cpe:2.3:a:kth:heimdal:0.6.5
  • cpe:2.3:a:kth:heimdal:0.7.1
    cpe:2.3:a:kth:heimdal:0.7.1
  • cpe:2.3:a:kth:heimdal:0.7.1.1
    cpe:2.3:a:kth:heimdal:0.7.1.1
  • cpe:2.3:a:kth:heimdal:0.7.1.2
    cpe:2.3:a:kth:heimdal:0.7.1.2
  • cpe:2.3:a:kth:heimdal:0.7.1.3
    cpe:2.3:a:kth:heimdal:0.7.1.3
CVSS
Base: 2.1 (as of 08-02-2006 - 09:13)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200603-14.NASL
    description The remote host is affected by the vulnerability described in GLSA-200603-14 (Heimdal: rshd privilege escalation) An unspecified privilege escalation vulnerability in the rshd server of Heimdal has been reported. Impact : Authenticated users could exploit the vulnerability to escalate privileges or to change the ownership and content of arbitrary files. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 21095
    published 2006-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21095
    title GLSA-200603-14 : Heimdal: rshd privilege escalation
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-247-1.NASL
    description A privilege escalation flaw has been found in the heimdal rsh (remote shell) server. This allowed an authenticated attacker to overwrite arbitrary files and gain ownership of them. Please note that the heimdal-servers package is not officially supported in Ubuntu (it is in the 'universe' component of the archive). However, this affects you if you use a customized version built from the heimdal source package (which is supported). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-15
    plugin id 21055
    published 2006-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21055
    title Ubuntu 4.10 / 5.04 / 5.10 : heimdal vulnerability (USN-247-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-977.NASL
    description Two vulnerabilities have been discovered in heimdal, a free implementation of Kerberos 5. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2006-0582 Privilege escalation in the rsh server allows an authenticated attacker to overwrite arbitrary files and gain ownership of them. - CVE-2006-0677 A remote attacker could force the telnet server to crash before the user logged in, resulting in inetd turning telnetd off because it forked too fast. The old stable distribution (woody) does not expose rsh and telnet servers.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 22843
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22843
    title Debian DSA-977-1 : heimdal - several vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_B62C80C2B81A11DABEC500123FFE8333.NASL
    description A Project heimdal Security Advisory reports : The telnet client program in Heimdal has buffer overflows in the functions slc_add_reply() and env_opt_add(), which may lead to remote code execution. The telnetd server program in Heimdal has buffer overflows in the function getterminaltype, which may lead to remote code execution. The rshd server in Heimdal has a privilege escalation bug when storing forwarded credentials. The code allowes a user to overwrite a file with its credential cache, and get ownership of the file.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 21499
    published 2006-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21499
    title FreeBSD : heimdal -- Multiple vulnerabilities (b62c80c2-b81a-11da-bec5-00123ffe8333)
refmap via4
bid 16524
confirm http://www.pdc.kth.se/heimdal/advisory/2006-02-06/
debian DSA-977
gentoo GLSA-200603-14
mlist [heimdal-discuss] 20060206 Heimdal 0.7.2 and 0.6.6
osvdb 22986
sectrack 1015591
secunia
  • 18733
  • 18806
  • 18894
  • 19005
  • 19302
suse SUSE-SA:2006:011
ubuntu
  • USN-247-1
  • USN-253-1
vupen
  • ADV-2006-0456
  • ADV-2006-0628
xf heimdal-rshd-privilege-elevation(24532)
Last major update 13-05-2011 - 00:00
Published 07-02-2006 - 20:02
Last modified 19-10-2018 - 11:45
Back to Top