7.2

CVE-2006-3084

EPSS 0.18%
Veröffentlicht 09.08.2006 10:04:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges.  NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 28

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Heimdal ≫ Heimdal Version <= 0.7.2

Mit ≫ Kerberos 5 Version1.4

Mit ≫ Kerberos 5 Version1.4.1

Mit ≫ Kerberos 5 Version1.4.2

Mit ≫ Kerberos 5 Version1.4.3

Mit ≫ Kerberos 5 Version1.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.398

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

http://secunia.com/advisories/21467

Vendor Advisory

http://www.novell.com/linux/security/advisories/2006_20_sr.html

ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt

http://secunia.com/advisories/21402

Vendor Advisory

http://secunia.com/advisories/21436

Vendor Advisory

http://secunia.com/advisories/21439

Vendor Advisory

http://secunia.com/advisories/21461

Vendor Advisory

http://secunia.com/advisories/21527

Vendor Advisory

http://secunia.com/advisories/21613

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200608-21.xml

http://securitytracker.com/id?1016664

http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt

http://www.debian.org/security/2006/dsa-1146

http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml

http://www.pdc.kth.se/heimdal/advisory/2006-08-08/

http://www.securityfocus.com/archive/1/442599/100/0/threaded

http://www.securityfocus.com/archive/1/443498/100/100/threaded

http://www.securityfocus.com/bid/19427

http://www.ubuntu.com/usn/usn-334-1

http://www.vupen.com/english/advisories/2006/3225

Vendor Advisory

http://fedoranews.org/cms/node/2376

http://secunia.com/advisories/23707

Vendor Advisory

http://www.kb.cert.org/vuls/id/401660

US Government Resource

http://www.osvdb.org/27871

http://www.osvdb.org/27872

https://nvd.nist.gov/vuln/detail/CVE-2006-3084

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-3084

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-3084

EUVD