MIT Kerberos 5 ftpd seteuid() Local Privilege Escalation

2006-08-08T07:05:17
ID OSVDB:27871
Type osvdb
Reporter Michael Calmer(), Marcus Meissner(meissner@suse.de)
Modified 2006-08-08T07:05:17

Description

Vulnerability Description

MIT Kerberos 5 contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the seteuid() call fails in the ftpd program. This flaw may lead to a loss of confidentiality and/or integrity.

Solution Description

Upgrade to version 1.4.4, 1.5.1 or higher, as it has been reported to fix this vulnerability. Additionally, the vendor has released a patch to address this issue, or users may opt to apply the following workaround: Disable the affected program by removing the SUID bit

Short Description

MIT Kerberos 5 contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the seteuid() call fails in the ftpd program. This flaw may lead to a loss of confidentiality and/or integrity.

References:

Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Security Tracker: 1016664 Secunia Advisory ID:21527 Secunia Advisory ID:21456 Secunia Advisory ID:21461 Secunia Advisory ID:21402 Secunia Advisory ID:21436 Secunia Advisory ID:21467 Secunia Advisory ID:21439 Secunia Advisory ID:21441 Secunia Advisory ID:21613 Secunia Advisory ID:23707 Related OSVDB ID: 27869 Related OSVDB ID: 27870 Related OSVDB ID: 27872 RedHat RHSA: RHSA-2006:0612-8 Other Advisory URL: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-001-setuid.txt Other Advisory URL: http://www.us.debian.org/security/2006/dsa-1146 Other Advisory URL: http://security.gentoo.org/glsa/glsa-200608-15.xml Other Advisory URL: http://fedoranews.org/cms/node/2376 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0347.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0157.html Keyword: MIT krb5 Security Advisory 2006-001 ISS X-Force ID: 28379 ISS X-Force ID: 28378 FrSIRT Advisory: ADV-2006-3225 CVE-2006-3084 CERT VU: 580124 CERT VU: 401660 Bugtraq ID: 19427