CVE-2006-3084

2006-08-0900:00:00

ubuntu.com

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

14.2%

JSON

The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5,
and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check
return codes for setuid calls, which might allow local users to gain
privileges by causing setuid to fail to drop privileges. NOTE: as of
20060808, it is not known whether an exploitable attack scenario exists for
these issues.

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchkrb5< 1.4.3-5ubuntu0.6UNKNOWN
ubuntu6.10noarchkrb5< 1.4.3-9ubuntu1.5UNKNOWN
ubuntu7.04noarchkrb5< 1.4.4-5ubuntu3.3UNKNOWN