exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2006-3083

Status Candidate

Overview

The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.

Related Files

Mandriva Linux Security Advisory 2010-129
Posted Jul 8, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-129 - The krshd and v4rcp applications in MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion. The ftpd and ksu programs in MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. Certain invalid GSS-API tokens can cause a GSS-API acceptor (server) to crash due to a null pointer dereference in the GSS-API library. The updated packages have been patched to correct these issues.

tags | advisory, local
systems | linux, aix, mandriva
advisories | CVE-2006-3083, CVE-2006-3084, CVE-2010-1321
SHA-256 | 1229d0c29790afa2ad1dd4aa3ac27bed53aaf20094ab9e3f74e7252954698b5d
Ubuntu Security Notice 334-1
Posted Aug 27, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-334-1 - Michael Calmer and Marcus Meissner discovered that several krb5 tools did not check the return values from setuid() system calls. On systems that have configured user process limits, it may be possible for an attacker to cause setuid() to fail via resource starvation. In that situation, the tools will not reduce their privilege levels, and will continue operation as the root user.

tags | advisory, root
systems | linux, ubuntu
advisories | CVE-2006-3083, CVE-2006-3084
SHA-256 | 12f66fc37c6dc081c7884cf969144db2f616dc6f0bb1fe070d82c2b129fcea1e
Mandriva Linux Security Advisory 2006.139
Posted Aug 27, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006-139 - A flaw was discovered in some bundled Kerberos-aware packages that would fail to check the results of the setuid() call. This call can fail in some circumstances on the Linux 2.6 kernel if certain user limits are reached, which could be abused by a local attacker to get the applications to continue to run as root, possibly leading to an elevation of privilege.

tags | advisory, kernel, local, root
systems | linux, mandriva
advisories | CVE-2006-3083
SHA-256 | f029b2aa00bed2d9f30dd82c9b39ee984241d7c19daea742e84df081598b0ebe
Debian Linux Security Advisory 1146-1
Posted Aug 27, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1146-1 - In certain application programs packaged in the MIT Kerberos 5 source distribution, calls to setuid() and seteuid() are not always checked for success and which may fail with some PAM configurations. A local user could exploit one of these vulnerabilities to result in privilege escalation. No exploit code is known to exist at this time.

tags | advisory, local, vulnerability
systems | linux, debian
advisories | CVE-2006-3083, CVE-2006-3084
SHA-256 | fdf7d56f527f25c74d716fc111873b755285fe60f901c3753bb4d3e0a50eee7e
MITKRB-SA-2006-001.txt
Posted Aug 18, 2006
Site web.mit.edu

MIT krb5 Security Advisory 2006-001 - In certain application programs packaged in the MIT Kerberos 5 source distribution, calls to setuid() and seteuid() are not always checked for success. A local user could exploit one of these vulnerabilities to result in privilege escalation.

tags | advisory, local, vulnerability
advisories | CVE-2006-3083, CVE-2006-3084
SHA-256 | 5db9ff2738fcd6d0a0ced2e2d5163d49ea87c62d41b14cf20dadce5116a9f956
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close