7.2

CVE-2006-3084

EPSS 0.18%
Published 09.08.2006 10:04:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges.  NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues.

Affected products Warnungen 0 Metrics 2 CWE 0 References 28

Data is provided by the National Vulnerability Database (NVD)

Heimdal ≫ Heimdal Version <= 0.7.2

Mit ≫ Kerberos 5 Version1.4

Mit ≫ Kerberos 5 Version1.4.1

Mit ≫ Kerberos 5 Version1.4.2

Mit ≫ Kerberos 5 Version1.4.3

Mit ≫ Kerberos 5 Version1.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.18%	0.398

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

http://secunia.com/advisories/21467

Vendor Advisory

http://www.novell.com/linux/security/advisories/2006_20_sr.html

ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt

http://secunia.com/advisories/21402

Vendor Advisory

http://secunia.com/advisories/21436

Vendor Advisory

http://secunia.com/advisories/21439

Vendor Advisory

http://secunia.com/advisories/21461

Vendor Advisory

http://secunia.com/advisories/21527

Vendor Advisory

http://secunia.com/advisories/21613

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200608-21.xml

http://securitytracker.com/id?1016664

http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt

http://www.debian.org/security/2006/dsa-1146

http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml

http://www.pdc.kth.se/heimdal/advisory/2006-08-08/

http://www.securityfocus.com/archive/1/442599/100/0/threaded

http://www.securityfocus.com/archive/1/443498/100/100/threaded

http://www.securityfocus.com/bid/19427

http://www.ubuntu.com/usn/usn-334-1

http://www.vupen.com/english/advisories/2006/3225

Vendor Advisory

http://fedoranews.org/cms/node/2376

http://secunia.com/advisories/23707

Vendor Advisory

http://www.kb.cert.org/vuls/id/401660

US Government Resource

http://www.osvdb.org/27871

http://www.osvdb.org/27872

https://nvd.nist.gov/vuln/detail/CVE-2006-3084

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-3084

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-3084

EUVD