Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2006-3084

Published: 09/08/2006 Updated: 21/01/2020
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Mit

Vulnerability Summary

The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x prior to 1.4.4, and (b) Heimdal 0.7.2 and previous versions, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues.

Vulnerable Product Search on Vulmon Subscribe to Product

mit kerberos 5 1.5

heimdal heimdal

mit kerberos 5 1.4

mit kerberos 5 1.4.1

mit kerberos 5 1.4.2

mit kerberos 5 1.4.3

Vendor Advisories

Ubuntu Security Notice: mozilla-thunderbird vulnerabilities
Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious email containing JavaScript Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it (CVE-2006-3113, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, CVE-2006 ...
Ubuntu Security Notice: krb5 vulnerabilities
Michael Calmer and Marcus Meissner discovered that several krb5 tools did not check the return values from setuid() system calls On systems that have configured user process limits, it may be possible for an attacker to cause setuid() to fail via resource starvation In that situation, the tools will not reduce their privilege levels, and will c ...

References

CWE-264http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txthttp://www.kb.cert.org/vuls/id/401660http://www.debian.org/security/2006/dsa-1146http://www.gentoo.org/security/en/glsa/glsa-200608-15.xmlhttp://www.ubuntu.com/usn/usn-334-1http://www.securityfocus.com/bid/19427http://securitytracker.com/id?1016664http://secunia.com/advisories/21439http://secunia.com/advisories/21461http://secunia.com/advisories/21402http://secunia.com/advisories/21527http://www.novell.com/linux/security/advisories/2006_20_sr.htmlhttp://security.gentoo.org/glsa/glsa-200608-21.xmlhttp://fedoranews.org/cms/node/2376http://secunia.com/advisories/23707ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txthttp://www.pdc.kth.se/heimdal/advisory/2006-08-08/http://www.osvdb.org/27871http://www.osvdb.org/27872http://secunia.com/advisories/21436http://secunia.com/advisories/21613http://secunia.com/advisories/21467http://www.vupen.com/english/advisories/2006/3225http://www.securityfocus.com/archive/1/443498/100/100/threadedhttp://www.securityfocus.com/archive/1/442599/100/0/threadedhttps://nvd.nist.govhttps://usn.ubuntu.com/329-1/https://www.kb.cert.org/vuls/id/401660
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validationCVE-2024-34413CVE-2024-34089CVE-2024-33408localSQLCVE-2024-0402CVE-2024-33910CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook