793 matches found
[SA21436] Heimdal setuid Security Issue
---------------------------------------------------------------------- Hardcore Disassembler / Reverse Engineer Wanted! Want to work with IDA and BinDiff? Want to write PoC's and Exploits? Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation...
MIT Kerberos / Heimdal privilege escalation
setuid/seteuid return code is not checked, allowing user to bypass protection by exhausting user limits...
CVE-2006-3084
The 1 ftpd and 2 ksu programs in a MIT Kerberos 5 krb5 up to 1.5, and 1.4.x before 1.4.4, and b Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not kno...
CVE-2006-3083
The 1 krshd and 2 v4rcp applications in a MIT Kerberos 5 krb5 up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and b Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges usi...
CVE-2006-3083
The 1 krshd and 2 v4rcp applications in a MIT Kerberos 5 krb5 up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and b Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges usi...
CVE-2006-3083
The 1 krshd and 2 v4rcp applications in a MIT Kerberos 5 krb5 up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and b Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges usi...
CVE-2006-3084
The 1 ftpd and 2 ksu programs in a MIT Kerberos 5 krb5 up to 1.5, and 1.4.x before 1.4.4, and b Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not kno...
CVE-2006-3084
The 1 ftpd and 2 ksu programs in a MIT Kerberos 5 krb5 up to 1.5, and 1.4.x before 1.4.4, and b Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not kno...
DEBIAN-CVE-2006-3084
The 1 ftpd and 2 ksu programs in a MIT Kerberos 5 krb5 up to 1.5, and 1.4.x before 1.4.4, and b Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not kno...
DEBIAN-CVE-2006-3083
The 1 krshd and 2 v4rcp applications in a MIT Kerberos 5 krb5 up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and b Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges usi...
CVE-2006-3084
The 1 ftpd and 2 ksu programs in a MIT Kerberos 5 krb5 up to 1.5, and 1.4.x before 1.4.4, and b Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not kno...
CVE-2006-3083
The 1 krshd and 2 v4rcp applications in a MIT Kerberos 5 krb5 up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and b Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges usi...
CVE-2006-3084
CVE-2006-3084 affects MIT Kerberos 5 (krb5) up to 1.5 and 1.4.x before 1.4.4, and Heimdal 0.7.2 and earlier. The issue is that the (1) ftpd and (2) ksu setuid calls do not check return codes, which could allow local privilege escalation if setuid fails to drop privileges. The description notes th...
CVE-2006-3083
The 1 krshd and 2 v4rcp applications in a MIT Kerberos 5 krb5 up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and b Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges usi...
CVE-2006-3084
The 1 ftpd and 2 ksu programs in a MIT Kerberos 5 krb5 up to 1.5, and 1.4.x before 1.4.4, and b Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not kno...
CVE-2006-3083
The CVE-2006-3083 family affects MIT Kerberos 5 krb5 (krb5) up to 1.5 and 1.4.x before 1.4.4 on Linux/AIX, and Heimdal 0.7.2 and earlier. The root cause is that return codes for setuid/seteuid are not checked, enabling local privilege escalation when privilege dropping fails (e.g., due to resourc...
security flaw
The 1 krshd and 2 v4rcp applications in a MIT Kerberos 5 krb5 up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and b Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges usi...
FreeBSD : heimdal -- Multiple vulnerabilities (b62c80c2-b81a-11da-bec5-00123ffe8333)
A Project heimdal Security Advisory reports : The telnet client program in Heimdal has buffer overflows in the functions slcaddreply and envoptadd, which may lead to remote code execution. The telnetd server program in Heimdal has buffer overflows in the function getterminaltype, which may lead t...
GLSA-200603-14 : Heimdal: rshd privilege escalation
The remote host is affected by the vulnerability described in GLSA-200603-14 Heimdal: rshd privilege escalation An unspecified privilege escalation vulnerability in the rshd server of Heimdal has been reported. Impact : Authenticated users could exploit the vulnerability to escalate privileges or...
Heimdal: rshd privilege escalation
Background Heimdal is a free implementation of Kerberos 5. Description An unspecified privilege escalation vulnerability in the rshd server of Heimdal has been reported. Impact Authenticated users could exploit the vulnerability to escalate privileges or to change the ownership and content of...