Lucene search

K
gentooGentoo FoundationGLSA-200608-21
HistoryAug 23, 2006 - 12:00 a.m.

Heimdal: Multiple local privilege escalation vulnerabilities

2006-08-2300:00:00
Gentoo Foundation
security.gentoo.org
7

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0005 Low

EPSS

Percentile

14.9%

Background

Heimdal is a free implementation of Kerberos 5.

Description

The ftpd and rcp applications provided by Heimdal fail to check the return value of calls to seteuid().

Impact

A local attacker could exploit this vulnerability to execute arbitrary code with elevated privileges.

Workaround

There is no known workaround at this time.

Resolution

All Heimdal users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-crypt/heimdal-0.7.2-r3"
OSVersionArchitecturePackageVersionFilename
Gentooanyallapp-crypt/heimdal< 0.7.2-r3UNKNOWN

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0005 Low

EPSS

Percentile

14.9%