Lucene search

K

[email protected]NVD:CVE-2006-3083

HistoryAug 09, 2006 - 10:04 a.m.

CVE-2006-3083

2006-08-0910:04:00

CWE-399

[email protected]

web.nvd.nist.gov

7

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.3

Confidence

Low

EPSS

0

Percentile

13.2%

The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.

Affected configurations

Nvd

Node

heimdalheimdalMatch0.7.2

OR

mitkerberos_5Match1.4

OR

mitkerberos_5Match1.4.1

OR

mitkerberos_5Match1.4.2

OR

mitkerberos_5Match1.4.3

OR

mitkerberos_5Match1.5

References

ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt

secunia.com/advisories/21402

secunia.com/advisories/21423

secunia.com/advisories/21436

secunia.com/advisories/21439

secunia.com/advisories/21441

secunia.com/advisories/21456

secunia.com/advisories/21461

secunia.com/advisories/21467

secunia.com/advisories/21527

secunia.com/advisories/21613

secunia.com/advisories/21847

secunia.com/advisories/22291

security.gentoo.org/glsa/glsa-200608-21.xml

securitytracker.com/id?1016664

support.avaya.com/elmodocs2/security/ASA-2006-211.htm

web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt

www.debian.org/security/2006/dsa-1146

www.gentoo.org/security/en/glsa/glsa-200608-15.xml

www.kb.cert.org/vuls/id/580124

www.mandriva.com/security/advisories?name=MDKSA-2006:139

www.novell.com/linux/security/advisories/2006_20_sr.html

www.novell.com/linux/security/advisories/2006_22_sr.html

www.osvdb.org/27869

www.osvdb.org/27870

www.pdc.kth.se/heimdal/advisory/2006-08-08/

www.redhat.com/support/errata/RHSA-2006-0612.html

www.securityfocus.com/archive/1/442599/100/0/threaded

www.securityfocus.com/archive/1/443498/100/100/threaded

www.securityfocus.com/bid/19427

www.ubuntu.com/usn/usn-334-1

www.vupen.com/english/advisories/2006/3225

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9515

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.3

Confidence

Low

EPSS

0

Percentile

13.2%

Related for NVD:CVE-2006-3083

nessus9 cvelist1 redhat1 debiancve1 cve1 ubuntucve1 centos1 securityvulns1 openvas9 gentoo2 ubuntu1 debian1 cert2 oraclelinux1