- EPSS 1.66%
- Veröffentlicht 06.12.2007 15:46:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username. NOTE: the vulnerability ...
CVE-2006-3083
- EPSS 0.07%
- Veröffentlicht 09.08.2006 10:04:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain pr...
CVE-2006-3084
- EPSS 0.18%
- Veröffentlicht 09.08.2006 10:04:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fai...