CVE-2006-3084

2006-08-0900:00:00

ubuntu.com

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.001

Percentile

28.2%

JSON

The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5,
and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check
return codes for setuid calls, which might allow local users to gain
privileges by causing setuid to fail to drop privileges. NOTE: as of
20060808, it is not known whether an exploitable attack scenario exists for
these issues.

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchkrb5< 1.4.3-5ubuntu0.6UNKNOWN
ubuntu6.10noarchkrb5< 1.4.3-9ubuntu1.5UNKNOWN
ubuntu7.04noarchkrb5< 1.4.4-5ubuntu3.3UNKNOWN