CVE-2006-3083 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-3083
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-3083

Description: The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-334-1 SUSE http://www.novell.com/linux/security/advisories/2006_22_sr.html http://www.novell.com/linux/security/advisories/2006_20_sr.html ST 1016664 SAID Secunia Advisory: SA21439 Secunia Advisory: SA21436 Secunia Advisory: SA21423 Secunia Advisory: SA21461 Secunia Advisory: SA21402 Secunia Advisory: SA21441 Secunia Advisory: SA21456 Secunia Advisory: SA21527 Secunia Advisory: SA22291 Secunia Advisory: SA21613 Secunia Advisory: SA21847 Secunia Advisory: SA21467 REDHAT http://www.redhat.com/support/errata/RHSA-2006-0612.html OSVDB 27870 27869 MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:139 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml http://security.gentoo.org/glsa/glsa-200608-21.xml DEBIAN http://www.debian.org/security/2006/dsa-1146 CONFIRM http://www.pdc.kth.se/heimdal/advisory/2006-08-08/ http://support.avaya.com/elmodocs2/security/ASA-2006-211.htm http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt CERT-VN 580124 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/443498/100/100/threaded http://www.securityfocus.com/archive/1/archive/1/442599/100/0/threaded BID 19427

Return to the previous page.