Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2006-3083

Published: 09/08/2006 Updated: 21/01/2020
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Heimdal

Vulnerability Summary

The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x prior to 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and previous versions, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.

Vulnerable Product Search on Vulmon Subscribe to Product

heimdal heimdal 0.7.2

mit kerberos 5 1.4.2

mit kerberos 5 1.4.3

mit kerberos 5 1.4

mit kerberos 5 1.4.1

mit kerberos 5 1.5

Vendor Advisories

Ubuntu Security Notice: krb5 vulnerabilities
Michael Calmer and Marcus Meissner discovered that several krb5 tools did not check the return values from setuid() system calls On systems that have configured user process limits, it may be possible for an attacker to cause setuid() to fail via resource starvation In that situation, the tools will not reduce their privilege levels, and will c ...

References

CWE-399http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txthttp://www.kb.cert.org/vuls/id/580124http://www.redhat.com/support/errata/RHSA-2006-0612.htmlhttp://www.debian.org/security/2006/dsa-1146http://www.gentoo.org/security/en/glsa/glsa-200608-15.xmlhttp://www.ubuntu.com/usn/usn-334-1http://www.securityfocus.com/bid/19427http://securitytracker.com/id?1016664http://secunia.com/advisories/21423http://secunia.com/advisories/21439http://secunia.com/advisories/21461http://secunia.com/advisories/21402http://secunia.com/advisories/21441http://secunia.com/advisories/21456http://secunia.com/advisories/21527http://www.novell.com/linux/security/advisories/2006_20_sr.htmlhttp://security.gentoo.org/glsa/glsa-200608-21.xmlhttp://www.novell.com/linux/security/advisories/2006_22_sr.htmlhttp://support.avaya.com/elmodocs2/security/ASA-2006-211.htmhttp://secunia.com/advisories/22291http://secunia.com/advisories/21847ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txthttp://www.pdc.kth.se/heimdal/advisory/2006-08-08/http://www.osvdb.org/27869http://www.osvdb.org/27870http://secunia.com/advisories/21436http://secunia.com/advisories/21613http://secunia.com/advisories/21467http://www.mandriva.com/security/advisories?name=MDKSA-2006:139http://www.vupen.com/english/advisories/2006/3225https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9515http://www.securityfocus.com/archive/1/443498/100/100/threadedhttp://www.securityfocus.com/archive/1/442599/100/0/threadedhttps://usn.ubuntu.com/334-1/https://nvd.nist.govhttps://www.kb.cert.org/vuls/id/580124
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
XXECVE-2024-34490SQL injectionCVE-2024-34488CVE-2024-4507CVE-2023-7028CVE-2024-23187TCPCVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook