Return to CVE list

CVE-2006-3083

7.2

Critical

CVE-2006-3083

9 Aug 2006

cve@mitre.org

Deferred

View on MITRE Find on GitHub

Description

The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.

Exploits

No known exploits found for this CVE.

Search Exploit-DB

References

cve@mitre.org

ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt

cve@mitre.org

http://secunia.com/advisories/21402

cve@mitre.org

http://secunia.com/advisories/21423

cve@mitre.org

http://secunia.com/advisories/21436

cve@mitre.org

http://secunia.com/advisories/21439

cve@mitre.org

http://secunia.com/advisories/21441

cve@mitre.org

http://secunia.com/advisories/21456

cve@mitre.org

http://secunia.com/advisories/21461

cve@mitre.org

http://secunia.com/advisories/21467

cve@mitre.org

http://secunia.com/advisories/21527

cve@mitre.org

http://secunia.com/advisories/21613

cve@mitre.org

http://secunia.com/advisories/21847

cve@mitre.org

http://secunia.com/advisories/22291

cve@mitre.org

http://security.gentoo.org/glsa/glsa-200608-21.xml

cve@mitre.org

http://securitytracker.com/id?1016664

cve@mitre.org

http://support.avaya.com/elmodocs2/security/ASA-2006-211.htm

cve@mitre.org

http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt

cve@mitre.org

http://www.debian.org/security/2006/dsa-1146

cve@mitre.org

http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml

cve@mitre.org

http://www.kb.cert.org/vuls/id/580124

cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2006:139

cve@mitre.org

http://www.novell.com/linux/security/advisories/2006_20_sr.html

cve@mitre.org

http://www.novell.com/linux/security/advisories/2006_22_sr.html

cve@mitre.org

http://www.osvdb.org/27869

cve@mitre.org

http://www.osvdb.org/27870

cve@mitre.org

http://www.pdc.kth.se/heimdal/advisory/2006-08-08/

cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2006-0612.html

cve@mitre.org

http://www.securityfocus.com/archive/1/442599/100/0/threaded

cve@mitre.org

http://www.securityfocus.com/archive/1/443498/100/100/threaded

cve@mitre.org

http://www.securityfocus.com/bid/19427

cve@mitre.org

http://www.ubuntu.com/usn/usn-334-1

cve@mitre.org

http://www.vupen.com/english/advisories/2006/3225

cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9515

af854a3a-2127-422b-91ae-364da2661108

ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt

af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/21402

af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/21423

af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/21436

af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/21439

af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/21441

af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/21456

af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/21461

af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/21467

af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/21527

af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/21613

af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/21847

af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/22291

af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-200608-21.xml

af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1016664

af854a3a-2127-422b-91ae-364da2661108

http://support.avaya.com/elmodocs2/security/ASA-2006-211.htm

af854a3a-2127-422b-91ae-364da2661108

http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt

af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2006/dsa-1146

af854a3a-2127-422b-91ae-364da2661108

http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml

af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/580124

af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDKSA-2006:139

af854a3a-2127-422b-91ae-364da2661108

http://www.novell.com/linux/security/advisories/2006_20_sr.html

af854a3a-2127-422b-91ae-364da2661108

http://www.novell.com/linux/security/advisories/2006_22_sr.html

af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/27869

af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/27870

af854a3a-2127-422b-91ae-364da2661108

http://www.pdc.kth.se/heimdal/advisory/2006-08-08/

af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2006-0612.html

af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/442599/100/0/threaded

af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/443498/100/100/threaded

af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/19427

af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/usn-334-1

af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2006/3225

af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9515