CVSS2 vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
AI Score Confidence | Low |
EPSS Percentile | 28.2% |

The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues.
Vendor | Product | Version | CPE |
---|---|---|---|
heimdal | heimdal | * | cpe:2.3:a:heimdal:heimdal:*:*:*:*:*:*:*:* |
mit | kerberos_5 | 1.4 | cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:* |
mit | kerberos_5 | 1.4.1 | cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:* |
mit | kerberos_5 | 1.4.2 | cpe:2.3:a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:* |
mit | kerberos_5 | 1.4.3 | cpe:2.3:a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:* |
mit | kerberos_5 | 1.5 | cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:* |
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt
fedoranews.org/cms/node/2376
secunia.com/advisories/21402
secunia.com/advisories/21436
secunia.com/advisories/21439
secunia.com/advisories/21461
secunia.com/advisories/21467
secunia.com/advisories/21527
secunia.com/advisories/21613
secunia.com/advisories/23707
security.gentoo.org/glsa/glsa-200608-21.xml
securitytracker.com/id?1016664
web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt
www.debian.org/security/2006/dsa-1146
www.gentoo.org/security/en/glsa/glsa-200608-15.xml
www.kb.cert.org/vuls/id/401660
www.novell.com/linux/security/advisories/2006_20_sr.html
www.osvdb.org/27871
www.osvdb.org/27872
www.pdc.kth.se/heimdal/advisory/2006-08-08/
www.securityfocus.com/archive/1/442599/100/0/threaded
www.securityfocus.com/archive/1/443498/100/100/threaded
www.securityfocus.com/bid/19427
www.ubuntu.com/usn/usn-334-1
www.vupen.com/english/advisories/2006/3225