CVE-2006-3084 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-3084
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-3084

Description: The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-334-1 SUSE http://www.novell.com/linux/security/advisories/2006_20_sr.html ST 1016664 SAID Secunia Advisory: SA21436 Secunia Advisory: SA21439 Secunia Advisory: SA21461 Secunia Advisory: SA21402 Secunia Advisory: SA21527 Secunia Advisory: SA21613 Secunia Advisory: SA23707 Secunia Advisory: SA21467 OSVDB 27872 27871 GENTOO http://security.gentoo.org/glsa/glsa-200608-21.xml http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml FEDORA http://fedoranews.org/cms/node/2376 DEBIAN http://www.debian.org/security/2006/dsa-1146 CONFIRM http://www.pdc.kth.se/heimdal/advisory/2006-08-08/ http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt CERT-VN 401660 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/443498/100/100/threaded http://www.securityfocus.com/archive/1/archive/1/442599/100/0/threaded BID 19427

Return to the previous page.