[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-3084Date: (C)2006-08-09   (M)2023-12-22


The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.2
Exploit Score: 3.9
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1016664
BID-19427
http://www.securityfocus.com/archive/1/442599/100/0/threaded
http://www.securityfocus.com/archive/1/443498/100/100/threaded
SECUNIA-21402
SECUNIA-21436
SECUNIA-21439
SECUNIA-21461
SECUNIA-21467
SECUNIA-21527
SECUNIA-21613
SECUNIA-23707
OSVDB-27871
OSVDB-27872
ADV-2006-3225
DSA-1146
FEDORA-2007-034
GLSA-200608-15
GLSA-200608-21
SUSE-SR:2006:020
USN-334-1
VU#401660
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt
http://www.pdc.kth.se/heimdal/advisory/2006-08-08/

CPE    1
cpe:/a:heimdal:heimdal
CWE    1
CWE-264

© SecPod Technologies