7.2
CVE-2006-3084
- EPSS 0.5%
- Veröffentlicht 09.08.2006 10:04:00
- Zuletzt bearbeitet 16.06.2026 22:26:22
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mit ≫ Kerberos 5 Version1.4
Mit ≫ Kerberos 5 Version1.4.1
Mit ≫ Kerberos 5 Version1.4.2
Mit ≫ Kerberos 5 Version1.4.3
Mit ≫ Kerberos 5 Version1.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.5% | 0.393 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
http://secunia.com/advisories/21467
http://www.novell.com/linux/security/advisories/2006_20_sr.html
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt
http://secunia.com/advisories/21402
http://secunia.com/advisories/21436
http://secunia.com/advisories/21439
http://secunia.com/advisories/21461
http://secunia.com/advisories/21527
http://secunia.com/advisories/21613
http://security.gentoo.org/glsa/glsa-200608-21.xml
http://securitytracker.com/id?1016664
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt
http://www.debian.org/security/2006/dsa-1146
http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml
http://www.pdc.kth.se/heimdal/advisory/2006-08-08/
http://www.securityfocus.com/archive/1/442599/100/0/threaded
http://www.securityfocus.com/archive/1/443498/100/100/threaded
http://www.securityfocus.com/bid/19427
http://www.ubuntu.com/usn/usn-334-1
http://www.vupen.com/english/advisories/2006/3225
http://fedoranews.org/cms/node/2376
http://secunia.com/advisories/23707
http://www.kb.cert.org/vuls/id/401660
http://www.osvdb.org/27871
http://www.osvdb.org/27872