CVE-2006-3084

Properties

Published: 08.08.2006
Updated: 30.03.2007
Patch available:
Severity: High
CVSS vector: (AV:L/AC:L/Au:NR/C:C/I:C/A:C/B:N)
Product: MIT: Kerberos 5

Vulnerability description

The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues.

References:

MIT: http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt
CERT-VN: http://www.kb.cert.org/vuls/id/401660
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/442599/100/0/threaded
DEBIAN: http://www.debian.org/security/2006/dsa-1146
GENTOO: http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml
UBUNTU: http://www.ubuntu.com/usn/usn-334-1
BID: http://www.securityfocus.com/bid/19427
FRSIRT: http://www.frsirt.com/english/advisories/2006/3225
SECTRACK: http://securitytracker.com/id?1016664
SECUNIA: http://secunia.com/advisories/21439
SECUNIA: http://secunia.com/advisories/21461
SECUNIA: http://secunia.com/advisories/21402
SECUNIA: http://secunia.com/advisories/21527
SUSE: http://www.novell.com/linux/security/advisories/2006_20_sr.html
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/443498/100/100/threaded
GENTOO: http://security.gentoo.org/glsa/glsa-200608-21.xml
FEDORA: http://fedoranews.org/cms/node/2376
SECUNIA: http://secunia.com/advisories/23707
HEIMDAL: ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt
HEIMDAL: http://www.pdc.kth.se/heimdal/advisory/2006-08-08/
OSVDB: http://www.osvdb.org/27871
OSVDB: http://www.osvdb.org/27872
SECUNIA: http://secunia.com/advisories/21436
SECUNIA: http://secunia.com/advisories/21613
SECUNIA: http://secunia.com/advisories/21467