4 matches found
SuSE 10 Security Update : krb5-apps-servers and krb5-apps-clients (ZYPP Patch Number 1938)
Various return checks of setuid and seteuid calls have been fixed in kerberos client and server applications. If these applications are setuid, it might have been possible for local attackers to gain root access. CVE-2006-3083 We are not affected by the seteuid problems, tracked by CVE-2006-3084...
openSUSE 10 Security Update : krb5-apps-clients (krb5-apps-clients-1937)
Various return checks of setuid and seteuid calls have been fixed in kerberos client and server applications. If these applications are setuid, it might have been possible for local attackers to gain root access CVE-2006-3083. We are not affected by the seteuid problems, tracked by CVE-2006-3084...
CVE-2006-3083
The 1 krshd and 2 v4rcp applications in a MIT Kerberos 5 krb5 up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and b Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges usi...
[SECURITY] [DSA 1146-1] New krb5 packages fix privilege escalation
-------------------------------------------------------------------------- Debian Security Advisory DSA 1146-1 [email protected] http://www.debian.org/security/ Martin Schulze August 9th, 2006 http://www.debian.org/security/faq -...