7.2

CVE-2006-3083

The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HeimdalHeimdal Version0.7.2
MitKerberos 5 Version1.4
MitKerberos 5 Version1.4.1
MitKerberos 5 Version1.4.2
MitKerberos 5 Version1.4.3
MitKerberos 5 Version1.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.53% 0.408
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/21847
Vendor Advisory
http://www.novell.com/linux/security/advisories/2006_22_sr.html
http://secunia.com/advisories/21467
Vendor Advisory
http://www.novell.com/linux/security/advisories/2006_20_sr.html
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt
http://secunia.com/advisories/21402
Vendor Advisory
http://secunia.com/advisories/21423
Vendor Advisory
http://secunia.com/advisories/21436
Vendor Advisory
http://secunia.com/advisories/21439
Vendor Advisory
http://secunia.com/advisories/21441
Vendor Advisory
http://secunia.com/advisories/21456
Vendor Advisory
http://secunia.com/advisories/21461
Vendor Advisory
http://secunia.com/advisories/21527
Vendor Advisory
http://secunia.com/advisories/21613
Vendor Advisory
http://secunia.com/advisories/22291
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200608-21.xml
http://securitytracker.com/id?1016664
http://support.avaya.com/elmodocs2/security/ASA-2006-211.htm
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt
Patch
Vendor Advisory
http://www.debian.org/security/2006/dsa-1146
http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml
http://www.kb.cert.org/vuls/id/580124
Patch
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2006:139
http://www.osvdb.org/27869
http://www.osvdb.org/27870
http://www.pdc.kth.se/heimdal/advisory/2006-08-08/
http://www.redhat.com/support/errata/RHSA-2006-0612.html
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/442599/100/0/threaded
http://www.securityfocus.com/archive/1/443498/100/100/threaded
http://www.securityfocus.com/bid/19427
http://www.ubuntu.com/usn/usn-334-1
http://www.vupen.com/english/advisories/2006/3225
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9515