The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Heimdal
  • Heimdal
Mit
  • Kerberos 5
Redhat
  • Enterprise Linux

Configuration 1 [-]

OR cpe:2.3:a:heimdal:heimdal:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 4
krb5-0:1.3.4-33 cpe:/o:redhat:enterprise_linux:4 RHSA-2006:0612 2006-08-08T00:00:00Z
References
Link Providers
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt cve-icon cve-icon
http://secunia.com/advisories/21402 cve-icon cve-icon
http://secunia.com/advisories/21423 cve-icon cve-icon
http://secunia.com/advisories/21436 cve-icon cve-icon
http://secunia.com/advisories/21439 cve-icon cve-icon
http://secunia.com/advisories/21441 cve-icon cve-icon
http://secunia.com/advisories/21456 cve-icon cve-icon
http://secunia.com/advisories/21461 cve-icon cve-icon
http://secunia.com/advisories/21467 cve-icon cve-icon
http://secunia.com/advisories/21527 cve-icon cve-icon
http://secunia.com/advisories/21613 cve-icon cve-icon
http://secunia.com/advisories/21847 cve-icon cve-icon
http://secunia.com/advisories/22291 cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-200608-21.xml cve-icon cve-icon
http://securitytracker.com/id?1016664 cve-icon cve-icon
http://support.avaya.com/elmodocs2/security/ASA-2006-211.htm cve-icon cve-icon
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt cve-icon cve-icon
http://www.debian.org/security/2006/dsa-1146 cve-icon cve-icon
http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml cve-icon cve-icon
http://www.kb.cert.org/vuls/id/580124 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDKSA-2006:139 cve-icon cve-icon
http://www.novell.com/linux/security/advisories/2006_20_sr.html cve-icon cve-icon
http://www.novell.com/linux/security/advisories/2006_22_sr.html cve-icon cve-icon
http://www.osvdb.org/27869 cve-icon cve-icon
http://www.osvdb.org/27870 cve-icon cve-icon
http://www.pdc.kth.se/heimdal/advisory/2006-08-08/ cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2006-0612.html cve-icon cve-icon
http://www.securityfocus.com/archive/1/442599/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/archive/1/443498/100/100/threaded cve-icon cve-icon
http://www.securityfocus.com/bid/19427 cve-icon cve-icon
http://www.ubuntu.com/usn/usn-334-1 cve-icon cve-icon
http://www.vupen.com/english/advisories/2006/3225 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2006-3083 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9515 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2006-3083 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-08-09T10:00:00

Updated: 2024-08-07T18:16:05.682Z

Reserved: 2006-06-19T00:00:00

Link: CVE-2006-3083

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2006-08-09T10:04:00.000

Modified: 2020-01-21T15:45:33.223

Link: CVE-2006-3083

cve-icon Redhat

Severity : Important

Publid Date: 2006-08-08T00:00:00Z

Links: CVE-2006-3083 - Bugzilla