MIT Kerberos 5 v4rcp setuid() Local Privilege Escalation

2006-08-08T07:05:17
ID OSVDB:27870
Type osvdb
Reporter Michael Calmer(), Marcus Meissner(meissner@suse.de)
Modified 2006-08-08T07:05:17

Description

Vulnerability Description

MIT Kerberos 5 contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the setuid() call fails in the v4rcp program. This flaw may lead to a loss of confidentiality and/or integrity.

Solution Description

Upgrade to version 1.4.4, 1.5.1 or higher, as it has been reported to fix this vulnerability. Additionally, the vendor has released a patch to address this issue, or users may opt to apply the following workaround: Disable the affected program by removing the SUID bit

Short Description

MIT Kerberos 5 contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the setuid() call fails in the v4rcp program. This flaw may lead to a loss of confidentiality and/or integrity.

References:

Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Security Tracker: 1016664 Secunia Advisory ID:21527 Secunia Advisory ID:21456 Secunia Advisory ID:21461 Secunia Advisory ID:21402 Secunia Advisory ID:21436 Secunia Advisory ID:21467 Secunia Advisory ID:21847 Secunia Advisory ID:21439 Secunia Advisory ID:21441 Secunia Advisory ID:21613 Secunia Advisory ID:22291 Related OSVDB ID: 27869 Related OSVDB ID: 27871 Related OSVDB ID: 27872 RedHat RHSA: RHSA-2006:0612-8 Other Advisory URL: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-001-setuid.txt Other Advisory URL: http://www.us.debian.org/security/2006/dsa-1146 Other Advisory URL: http://security.gentoo.org/glsa/glsa-200608-15.xml Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0347.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0157.html Keyword: MIT krb5 Security Advisory 2006-001 ISS X-Force ID: 28379 ISS X-Force ID: 28378 FrSIRT Advisory: ADV-2006-3225 CVE-2006-3083 CERT VU: 580124 Bugtraq ID: 19427