ID CVE-2007-3149
Summary sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. NOTE: another researcher disputes this vulnerability, stating that the attacker must be "a user, who can already log into your system, and can already use sudo."
References
Vulnerable Configurations
  • cpe:2.3:a:mit:kerberos_5:-:*:*:*:*:*:*:*
  • cpe:2.3:a:todd_miller:sudo:1.6.8_p12:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 21-01-2020 - 15:44)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: LOCAL
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 24368
bugtraq
  • 20070607 MIT krb5: makes sudo authentication issue MUCH worse.
  • 20070607 Re: Sudo: local root compromise with krb5 enabled
  • 20070607 Sudo: local root compromise with krb5 enabled
confirm http://www.sudo.ws/cgi-bin/cvsweb/sudo/auth/kerb5.c
secunia 26540
statements via4
contributor Mark J Cox
lastmodified 2007-06-11
organization Red Hat
statement Not vulnerable. Versions of sudo package shipped with Red Hat Enterprise Linux versions 2.1, 3, 4 and 5 are linked with PAM support and never use libkrb5 authentication.
Last major update 21-01-2020 - 15:44
Published 11-06-2007 - 18:30
Last modified 21-01-2020 - 15:44