CVE-2007-3149 - sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently a

CVE-2007-3149

Summary

sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. NOTE: another researcher disputes this vulnerability, stating that the attacker must be "a user, who can already log into your system, and can already use sudo."

References

Vulnerable Configurations

cpe:2.3:a:mit:kerberos_5:-:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:-:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p12:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p12:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 21-01-2020 - 15:44)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	24368
bugtraq	20070607 MIT krb5: makes sudo authentication issue MUCH worse. 20070607 Re: Sudo: local root compromise with krb5 enabled 20070607 Sudo: local root compromise with krb5 enabled
confirm	http://www.sudo.ws/cgi-bin/cvsweb/sudo/auth/kerb5.c
secunia	26540

statements via4

contributor	Mark J Cox
lastmodified	2007-06-11
organization	Red Hat
statement	Not vulnerable. Versions of sudo package shipped with Red Hat Enterprise Linux versions 2.1, 3, 4 and 5 are linked with PAM support and never use libkrb5 authentication.

Last major update

21-01-2020 - 15:44

Published

11-06-2007 - 18:30

Last modified

21-01-2020 - 15:44