ID CVE-2006-3083
Summary The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.
References
Vulnerable Configurations
  • cpe:2.3:a:heimdal:heimdal:0.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 18-10-2018 - 16:45)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  • Vector LOCAL
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality COMPLETE
  • Integrity COMPLETE
  • Availability COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-04-29T04:19:56.329-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.
family unix
id oval:org.mitre.oval:def:9515
status accepted
submitted 2010-07-09T03:56:16-04:00
title The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.
version 23
redhat via4
advisories
bugzilla
id 197818
title CVE-2006-3083 krb5 multiple unsafe setuid usage
oval
AND
comment Red Hat Enterprise Linux 4 is installed
oval oval:com.redhat.rhba:tst:20070304001
rhsa
id RHSA-2006:0612
released 2006-08-08
severity Important
title RHSA-2006:0612: krb5 security update (Important)
refmap via4
bid 19427
bugtraq
  • 20060808 MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities
  • 20060816 UPDATED: MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities
cert-vn VU#580124
confirm
debian DSA-1146
gentoo
  • GLSA-200608-15
  • GLSA-200608-21
mandriva MDKSA-2006:139
osvdb
  • 27869
  • 27870
sectrack 1016664
secunia
  • 21402
  • 21423
  • 21436
  • 21439
  • 21441
  • 21456
  • 21461
  • 21467
  • 21527
  • 21613
  • 21847
  • 22291
suse
  • SUSE-SR:2006:020
  • SUSE-SR:2006:022
ubuntu USN-334-1
vupen ADV-2006-3225
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 18-10-2018 - 16:45
Published 09-08-2006 - 10:04
Last modified 21-01-2020 - 15:45