7.2

CVE-2006-3084

The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges.  NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HeimdalHeimdal Version <= 0.7.2
MitKerberos 5 Version1.4
MitKerberos 5 Version1.4.1
MitKerberos 5 Version1.4.2
MitKerberos 5 Version1.4.3
MitKerberos 5 Version1.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.5% 0.393
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/21467
Vendor Advisory
http://www.novell.com/linux/security/advisories/2006_20_sr.html
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt
http://secunia.com/advisories/21402
Vendor Advisory
http://secunia.com/advisories/21436
Vendor Advisory
http://secunia.com/advisories/21439
Vendor Advisory
http://secunia.com/advisories/21461
Vendor Advisory
http://secunia.com/advisories/21527
Vendor Advisory
http://secunia.com/advisories/21613
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200608-21.xml
http://securitytracker.com/id?1016664
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt
http://www.debian.org/security/2006/dsa-1146
http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml
http://www.pdc.kth.se/heimdal/advisory/2006-08-08/
http://www.securityfocus.com/archive/1/442599/100/0/threaded
http://www.securityfocus.com/archive/1/443498/100/100/threaded
http://www.securityfocus.com/bid/19427
http://www.ubuntu.com/usn/usn-334-1
http://www.vupen.com/english/advisories/2006/3225
Vendor Advisory
http://fedoranews.org/cms/node/2376
http://secunia.com/advisories/23707
Vendor Advisory
http://www.kb.cert.org/vuls/id/401660
US Government Resource
http://www.osvdb.org/27871
http://www.osvdb.org/27872