CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
28.2%
Privilege escalation vulnerabilities in MIT krb5 ftpd
and ksu
may allow an authenticated attacker to execute arbitrary code.
The MIT krb 5 ftpd
and ksu
programs contain multiple privilege escalation vulnerabilities.
These vulnerabilities are dependent on the host operating system’s implementation of the seteuid()
system call and result when seteuid()
can fail due to resource exhaustion while changing to an unprivileged user ID. Some implementations of seteuid()
do not expose the vulnerability.
From MIT krb5 Security Advisory 2006-001:
The following vulnerabilities may result from unchecked calls to seteuid(). These vulnerabilities are not yet known to exist on any operating system:
* _ Unchecked calls to seteuid() in ftpd may allow a local privilege escalation leading to reading, writing, or creating files as root._
* _Unchecked calls to seteuid() in the ksu program may allow a local privilege escalation resulting in filling a file with null bytes as root and then deleting it (the "kdestroy" operation)._
An authenticated attacker may be able to execute arbitrary code with root privileges.
UpgradeThe MIT Kerberos team has released an update to address these issues. See the Systems Affected section of this document for information about specific vendors. Users who compile Kerberos from the original source distribution should see MIT krb5 Security Advisory 2006-001 for more details.
Disable vulnerable programs
From MIT krb5 Security Advisory 2006-001: “Disable krshd
and ftpd
, and remove the setuid bit from the ksu
binary and the v4rcp
binary.”
401660
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: July 28, 2006 Updated: August 24, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
See Gentoo Linux Security Advisory GLSA 200608-15 for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23401660 Feedback>).
Notified: July 27, 2006 Updated: August 08, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see MIT krb5 Security Advisory 2006-001.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23401660 Feedback>).
Notified: July 28, 2006 Updated: August 24, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
See Mandrivia advisory MDKSA-2006:139 for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23401660 Feedback>).
Notified: July 28, 2006 Updated: August 18, 2006
Not Affected
Mac OS X and Mac OS X Server are not susceptible to the issues described in this vulnerability note.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: August 23, 2006
Not Affected
No versions of the Attachmate Reflection Kerberos Client are subject to these privilege escalation vulnerabilities. The Reflection Kerberos Client is not based on the MIT code base and runs only on Microsoft Windows operating systems.
For the latest Attachmate security update information, Attachmate recommends you regularly check the Security Updates and Reflection web page at: <http://support.wrq.com/techdocs/1708.html>
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: August 08, 2006
Not Affected
Kerberos is available for AIX via Network Authentication Service. Network Authentication Service is not affected by the issues mentioned in CERT Vulnerability Notes VU#580124 (CVE-2006-3083) and VU#401660 (CVE-2006-3084).
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: August 08, 2006
Not Affected
Juniper Networks products are not susceptible to this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: August 24, 2006
Unknown
See Debian Security Advisory DSA-1146-1 for more details.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 28, 2006 Updated: July 28, 2006
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
View all 46 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
<http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt>
Thanks to the MIT Kerberos Team for reporting this issue. The MIT Kerberos Team in turn thanks Michael Calmer and Marcus Meissner at SUSE and Shiva Persaud at IBM for providing information about AIX.
This document was written by Ryan Giobbi.
CVE IDs: | CVE-2006-3084 |
---|---|
Severity Metric: | 2.33 Date Public: |