Vulnerability Description
The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Heimdal | Heimdal | 0.7.2 |
| Mit | Kerberos 5 | 1.4 |
Related Weaknesses (CWE)
References
- ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt
- http://secunia.com/advisories/21402Vendor Advisory
- http://secunia.com/advisories/21423Vendor Advisory
- http://secunia.com/advisories/21436Vendor Advisory
- http://secunia.com/advisories/21439Vendor Advisory
- http://secunia.com/advisories/21441Vendor Advisory
- http://secunia.com/advisories/21456Vendor Advisory
- http://secunia.com/advisories/21461Vendor Advisory
- http://secunia.com/advisories/21467Vendor Advisory
- http://secunia.com/advisories/21527Vendor Advisory
- http://secunia.com/advisories/21613Vendor Advisory
- http://secunia.com/advisories/21847Vendor Advisory
- http://secunia.com/advisories/22291Vendor Advisory
- http://security.gentoo.org/glsa/glsa-200608-21.xml
- http://securitytracker.com/id?1016664
FAQ
What is CVE-2006-3083?
CVE-2006-3083 is a vulnerability with a CVSS score of 7.2 (HIGH). The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for...
How severe is CVE-2006-3083?
CVE-2006-3083 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3083?
Check the references section above for vendor advisories and patch information. Affected products include: Heimdal Heimdal, Mit Kerberos 5.