CVE-2007-3149 (GCVE-0-2007-3149)
Vulnerability from cvelistv5 – Published: 2007-06-11 18:00 – Updated: 2024-08-07 14:05
VLAI
Summary
sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. NOTE: another researcher disputes this vulnerability, stating that the attacker must be "a user, who can already log into your system, and can already use sudo."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/24368 | vdb-entryx_refsource_BID |
| http://www.sudo.ws/cgi-bin/cvsweb/sudo/auth/kerb5.c | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/470752/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/470739/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/26540 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/470774/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2007-06-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:29.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24368",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24368"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sudo.ws/cgi-bin/cvsweb/sudo/auth/kerb5.c"
},
{
"name": "20070607 MIT krb5: makes sudo authentication issue MUCH worse.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/470752/100/0/threaded"
},
{
"name": "20070607 Sudo: local root compromise with krb5 enabled",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/470739/100/0/threaded"
},
{
"name": "26540",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26540"
},
{
"name": "20070607 Re: Sudo: local root compromise with krb5 enabled",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/470774/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. NOTE: another researcher disputes this vulnerability, stating that the attacker must be \"a user, who can already log into your system, and can already use sudo.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24368",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24368"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sudo.ws/cgi-bin/cvsweb/sudo/auth/kerb5.c"
},
{
"name": "20070607 MIT krb5: makes sudo authentication issue MUCH worse.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/470752/100/0/threaded"
},
{
"name": "20070607 Sudo: local root compromise with krb5 enabled",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/470739/100/0/threaded"
},
{
"name": "26540",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26540"
},
{
"name": "20070607 Re: Sudo: local root compromise with krb5 enabled",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/470774/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. NOTE: another researcher disputes this vulnerability, stating that the attacker must be \"a user, who can already log into your system, and can already use sudo.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24368",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24368"
},
{
"name": "http://www.sudo.ws/cgi-bin/cvsweb/sudo/auth/kerb5.c",
"refsource": "CONFIRM",
"url": "http://www.sudo.ws/cgi-bin/cvsweb/sudo/auth/kerb5.c"
},
{
"name": "20070607 MIT krb5: makes sudo authentication issue MUCH worse.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470752/100/0/threaded"
},
{
"name": "20070607 Sudo: local root compromise with krb5 enabled",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470739/100/0/threaded"
},
{
"name": "26540",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26540"
},
{
"name": "20070607 Re: Sudo: local root compromise with krb5 enabled",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470774/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3149",
"datePublished": "2007-06-11T18:00:00.000Z",
"dateReserved": "2007-06-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:05:29.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2007-3149",
"date": "2026-05-30",
"epss": "0.00049",
"percentile": "0.15682"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mit:kerberos_5:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"589D7E39-A243-49F9-8F67-4B9E92AE87DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:todd_miller:sudo:1.6.8_p12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31B2C299-5D0B-44DA-91FD-4B1146BE9A7B\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. NOTE: another researcher disputes this vulnerability, stating that the attacker must be \\\"a user, who can already log into your system, and can already use sudo.\\\"\"}, {\"lang\": \"es\", \"value\": \"sudo, cuando est\\u00e1 enlazado con MIT Kerberos 5 (krb5), no comprueba correctamente si un usuario pueda validar actualmente a Kerberos, lo cual permite a usuarios locales ganar privilegios, de una forma involuntario por el modelo de seguridad de sudo, a rtav\\u00e9s de ciertas variables de configuraci\\u00f3n KRB5_ environment. NOTA: Otro investigados cuestiona esta vulnerabilidad, bas\\u00e1ndose en que el atacante debe ser \\u201cun usuario, que puede registrarse en tu sistema, y puede utilizar sudo.\\u201d\"}]",
"id": "CVE-2007-3149",
"lastModified": "2024-11-21T00:32:31.207",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2007-06-11T18:30:00.000",
"references": "[{\"url\": \"http://secunia.com/advisories/26540\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/470739/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/470752/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/470774/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/24368\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.sudo.ws/cgi-bin/cvsweb/sudo/auth/kerb5.c\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/26540\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/470739/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/470752/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/470774/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/24368\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.sudo.ws/cgi-bin/cvsweb/sudo/auth/kerb5.c\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vendorComments": "[{\"organization\": \"Red Hat\", \"comment\": \"Not vulnerable. Versions of sudo package shipped with Red Hat Enterprise Linux versions 2.1, 3, 4 and 5 are linked with PAM support and never use libkrb5 authentication.\\n\", \"lastModified\": \"2007-06-11T00:00:00\"}]",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2007-3149\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-06-11T18:30:00.000\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. NOTE: another researcher disputes this vulnerability, stating that the attacker must be \\\"a user, who can already log into your system, and can already use sudo.\\\"\"},{\"lang\":\"es\",\"value\":\"sudo, cuando est\u00e1 enlazado con MIT Kerberos 5 (krb5), no comprueba correctamente si un usuario pueda validar actualmente a Kerberos, lo cual permite a usuarios locales ganar privilegios, de una forma involuntario por el modelo de seguridad de sudo, a rtav\u00e9s de ciertas variables de configuraci\u00f3n KRB5_ environment. NOTA: Otro investigados cuestiona esta vulnerabilidad, bas\u00e1ndose en que el atacante debe ser \u201cun usuario, que puede registrarse en tu sistema, y puede utilizar sudo.\u201d\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mit:kerberos_5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"589D7E39-A243-49F9-8F67-4B9E92AE87DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.8_p12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31B2C299-5D0B-44DA-91FD-4B1146BE9A7B\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/26540\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/470739/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/470752/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/470774/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/24368\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.sudo.ws/cgi-bin/cvsweb/sudo/auth/kerb5.c\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/26540\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/470739/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/470752/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/470774/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/24368\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.sudo.ws/cgi-bin/cvsweb/sudo/auth/kerb5.c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Not vulnerable. Versions of sudo package shipped with Red Hat Enterprise Linux versions 2.1, 3, 4 and 5 are linked with PAM support and never use libkrb5 authentication.\\n\",\"lastModified\":\"2007-06-11T00:00:00\"}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…