Detections
Analytics
CVE-2006-3083
high
Description
The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9515
http://www.vupen.com/english/advisories/2006/3225
http://www.ubuntu.com/usn/usn-334-1
http://www.securityfocus.com/bid/19427
http://www.securityfocus.com/archive/1/443498/100/100/threaded
http://www.securityfocus.com/archive/1/442599/100/0/threaded
http://www.redhat.com/support/errata/RHSA-2006-0612.html
http://www.pdc.kth.se/heimdal/advisory/2006-08-08/
http://www.novell.com/linux/security/advisories/2006_22_sr.html
http://www.novell.com/linux/security/advisories/2006_20_sr.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:139
http://www.kb.cert.org/vuls/id/580124
http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml
http://www.debian.org/security/2006/dsa-1146
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt
http://support.avaya.com/elmodocs2/security/ASA-2006-211.htm
http://securitytracker.com/id?1016664
http://security.gentoo.org/glsa/glsa-200608-21.xml
http://secunia.com/advisories/22291
http://secunia.com/advisories/21847
http://secunia.com/advisories/21613
http://secunia.com/advisories/21527
http://secunia.com/advisories/21467
http://secunia.com/advisories/21461
http://secunia.com/advisories/21456
http://secunia.com/advisories/21441
http://secunia.com/advisories/21439
http://secunia.com/advisories/21436