Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2006-3083HistoryAug 09, 2006 - 10:04 a.m.
CVE-2006-3083
2006-08-0910:04:00
Debian Security Bug Tracker
security-tracker.debian.org
19
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
0
Percentile
13.2%
The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | krb5 | < 1.4.3-9 | krb5_1.4.3-9_all.deb |
| Debian | 11 | all | krb5 | < 1.4.3-9 | krb5_1.4.3-9_all.deb |
| Debian | 999 | all | krb5 | < 1.4.3-9 | krb5_1.4.3-9_all.deb |
| Debian | 13 | all | krb5 | < 1.4.3-9 | krb5_1.4.3-9_all.deb |
Related
nessus
nessus
RHEL 4 : krb5 (RHSA-2006:0612)
2006-08-10 00:00:00
CentOS 4 : krb5 (CESA-2006:0612)
2006-08-10 00:00:00
Debian DSA-1146-1 : krb5 - programming error
2006-10-14 00:00:00
cvelist
cvelist
CVE-2006-3083
2006-08-09 10:00:00
redhat
redhat
(RHSA-2006:0612) krb5 security update
2006-08-08 00:00:00
cve
cve
CVE-2006-3083
2006-08-09 10:04:00
ubuntucve
ubuntucve
CVE-2006-3083
2006-08-09 00:00:00
nvd
nvd
CVE-2006-3083
2006-08-09 10:04:00
centos
centos
krb5 security update
2006-08-09 10:57:14
gentoo
gentoo
MIT Kerberos 5: Multiple local privilege escalation vulnerabilities
2006-08-10 00:00:00
Heimdal: Multiple local privilege escalation vulnerabilities
2006-08-23 00:00:00
securityvulns
securityvulns
MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities
2006-08-09 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200608-15 (MIT Kerberos 5)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200608-21 (Heimdal)
2008-09-24 00:00:00
Debian: Security Advisory (DSA-1146-1)
2008-01-17 00:00:00
debian
debian
[SECURITY] [DSA 1146-1] New krb5 packages fix privilege escalation
2006-08-09 06:10:06
ubuntu
ubuntu
krb5 vulnerabilities
2006-08-16 00:00:00
cert
cert
oraclelinux
oraclelinux
Critical: krb5 security update
2007-04-04 00:00:00
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
0
Percentile
13.2%
Related for DEBIANCVE:CVE-2006-3083