CVE-2006-3084

Related Files

Mandriva Linux Security Advisory 2010-129

Posted Jul 8, 2010

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-129 - The krshd and v4rcp applications in MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion. The ftpd and ksu programs in MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. Certain invalid GSS-API tokens can cause a GSS-API acceptor (server) to crash due to a null pointer dereference in the GSS-API library. The updated packages have been patched to correct these issues.

tags | advisory, local

systems | linux, aix, mandriva

advisories | CVE-2006-3083, CVE-2006-3084, CVE-2010-1321

SHA-256 | 1229d0c29790afa2ad1dd4aa3ac27bed53aaf20094ab9e3f74e7252954698b5d

Download | Favorite | View

Ubuntu Security Notice 334-1

Posted Aug 27, 2006

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-334-1 - Michael Calmer and Marcus Meissner discovered that several krb5 tools did not check the return values from setuid() system calls. On systems that have configured user process limits, it may be possible for an attacker to cause setuid() to fail via resource starvation. In that situation, the tools will not reduce their privilege levels, and will continue operation as the root user.

tags | advisory, root

systems | linux, ubuntu

advisories | CVE-2006-3083, CVE-2006-3084

SHA-256 | 12f66fc37c6dc081c7884cf969144db2f616dc6f0bb1fe070d82c2b129fcea1e

Download | Favorite | View

Debian Linux Security Advisory 1146-1

Posted Aug 27, 2006

Authored by Debian | Site debian.org

Debian Security Advisory 1146-1 - In certain application programs packaged in the MIT Kerberos 5 source distribution, calls to setuid() and seteuid() are not always checked for success and which may fail with some PAM configurations. A local user could exploit one of these vulnerabilities to result in privilege escalation. No exploit code is known to exist at this time.

tags | advisory, local, vulnerability

systems | linux, debian

advisories | CVE-2006-3083, CVE-2006-3084

SHA-256 | fdf7d56f527f25c74d716fc111873b755285fe60f901c3753bb4d3e0a50eee7e

Download | Favorite | View

MITKRB-SA-2006-001.txt

Posted Aug 18, 2006

Site web.mit.edu

MIT krb5 Security Advisory 2006-001 - In certain application programs packaged in the MIT Kerberos 5 source distribution, calls to setuid() and seteuid() are not always checked for success. A local user could exploit one of these vulnerabilities to result in privilege escalation.

tags | advisory, local, vulnerability

advisories | CVE-2006-3083, CVE-2006-3084

SHA-256 | 5db9ff2738fcd6d0a0ced2e2d5163d49ea87c62d41b14cf20dadce5116a9f956

Download | Favorite | View