Launchpad.net

CVE 2006-3083

The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://web.mit.edu/Ker...
CERT-VN: VU#580124
REDHAT: RHSA-2006:0612
DEBIAN: DSA-1146
GENTOO: GLSA-200608-15
UBUNTU: USN-334-1
BID: 19427
SECTRACK: 1016664
SECUNIA: 21423
SECUNIA: 21439
SECUNIA: 21461
SECUNIA: 21402
SECUNIA: 21441
SECUNIA: 21456
SECUNIA: 21527
SUSE: SUSE-SR:2006:020
GENTOO: GLSA-200608-21
SUSE: SUSE-SR:2006:022
CONFIRM: http://support.avaya.c...
SECUNIA: 22291
SECUNIA: 21847
CONFIRM: ftp://ftp.pdc.kth.se/p...
CONFIRM: http://www.pdc.kth.se/...
OSVDB: 27869
OSVDB: 27870
SECUNIA: 21436
SECUNIA: 21613
SECUNIA: 21467
MANDRIVA: MDKSA-2006:139
VUPEN: ADV-2006-3225
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20060808 MITKRB-SA-200...
BUGTRAQ: 20060816 UPDATED: MITK...

Launchpad.net

CVE 2006-3083

Related bugs

References