CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
13.2%
The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.
Vendor | Product | Version | CPE |
---|---|---|---|
heimdal | heimdal | 0.7.2 | cpe:2.3:a:heimdal:heimdal:0.7.2:*:*:*:*:*:*:* |
mit | kerberos_5 | 1.4 | cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:* |
mit | kerberos_5 | 1.4.1 | cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:* |
mit | kerberos_5 | 1.4.2 | cpe:2.3:a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:* |
mit | kerberos_5 | 1.4.3 | cpe:2.3:a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:* |
mit | kerberos_5 | 1.5 | cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:* |
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt
secunia.com/advisories/21402
secunia.com/advisories/21423
secunia.com/advisories/21436
secunia.com/advisories/21439
secunia.com/advisories/21441
secunia.com/advisories/21456
secunia.com/advisories/21461
secunia.com/advisories/21467
secunia.com/advisories/21527
secunia.com/advisories/21613
secunia.com/advisories/21847
secunia.com/advisories/22291
security.gentoo.org/glsa/glsa-200608-21.xml
securitytracker.com/id?1016664
support.avaya.com/elmodocs2/security/ASA-2006-211.htm
web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt
www.debian.org/security/2006/dsa-1146
www.gentoo.org/security/en/glsa/glsa-200608-15.xml
www.kb.cert.org/vuls/id/580124
www.mandriva.com/security/advisories?name=MDKSA-2006:139
www.novell.com/linux/security/advisories/2006_20_sr.html
www.novell.com/linux/security/advisories/2006_22_sr.html
www.osvdb.org/27869
www.osvdb.org/27870
www.pdc.kth.se/heimdal/advisory/2006-08-08/
www.redhat.com/support/errata/RHSA-2006-0612.html
www.securityfocus.com/archive/1/442599/100/0/threaded
www.securityfocus.com/archive/1/443498/100/100/threaded
www.securityfocus.com/bid/19427
www.ubuntu.com/usn/usn-334-1
www.vupen.com/english/advisories/2006/3225
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9515