CVE - CVE-2006-3083

CVE-ID
CVE-2006-3083	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:19427 URL:http://www.securityfocus.com/bid/19427 BUGTRAQ:20060808 MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities URL:http://www.securityfocus.com/archive/1/442599/100/0/threaded BUGTRAQ:20060816 UPDATED: MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities URL:http://www.securityfocus.com/archive/1/443498/100/100/threaded CERT-VN:VU#580124 URL:http://www.kb.cert.org/vuls/id/580124 CONFIRM:ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-211.htm CONFIRM:http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt CONFIRM:http://www.pdc.kth.se/heimdal/advisory/2006-08-08/ DEBIAN:DSA-1146 URL:http://www.debian.org/security/2006/dsa-1146 GENTOO:GLSA-200608-15 URL:http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml GENTOO:GLSA-200608-21 URL:http://security.gentoo.org/glsa/glsa-200608-21.xml MANDRIVA:MDKSA-2006:139 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:139 OSVDB:27869 URL:http://www.osvdb.org/27869 OSVDB:27870 URL:http://www.osvdb.org/27870 OVAL:oval:org.mitre.oval:def:9515 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9515 REDHAT:RHSA-2006:0612 URL:http://www.redhat.com/support/errata/RHSA-2006-0612.html SECTRACK:1016664 URL:http://securitytracker.com/id?1016664 SECUNIA:21402 URL:http://secunia.com/advisories/21402 SECUNIA:21423 URL:http://secunia.com/advisories/21423 SECUNIA:21436 URL:http://secunia.com/advisories/21436 SECUNIA:21439 URL:http://secunia.com/advisories/21439 SECUNIA:21441 URL:http://secunia.com/advisories/21441 SECUNIA:21456 URL:http://secunia.com/advisories/21456 SECUNIA:21461 URL:http://secunia.com/advisories/21461 SECUNIA:21467 URL:http://secunia.com/advisories/21467 SECUNIA:21527 URL:http://secunia.com/advisories/21527 SECUNIA:21613 URL:http://secunia.com/advisories/21613 SECUNIA:21847 URL:http://secunia.com/advisories/21847 SECUNIA:22291 URL:http://secunia.com/advisories/22291 SUSE:SUSE-SR:2006:020 URL:http://www.novell.com/linux/security/advisories/2006_20_sr.html SUSE:SUSE-SR:2006:022 URL:http://www.novell.com/linux/security/advisories/2006_22_sr.html UBUNTU:USN-334-1 URL:http://www.ubuntu.com/usn/usn-334-1 VUPEN:ADV-2006-3225 URL:http://www.vupen.com/english/advisories/2006/3225
Assigning CNA
MITRE Corporation
Date Record Created
20060619	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060619)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)