Vulnerability Name:

CVE-2006-3083 (CCN-28378)

Assigned: 2006-08-08
Published: 2006-08-08
Updated: 2020-01-21
Summary: The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.
CVSS v3 Severity: 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-399
Vulnerability Consequences: Gain Privileges
References:
Source: CONFIRM
Type: UNKNOWN
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt

Source: MITRE
Type: CNA
CVE-2006-3083

Source: CCN
Type: RHSA-2006-0612
krb5 security update

Source: CCN
Type: SA21402
Kerberos V5 setuid Security Issue

Source: SECUNIA
Type: Vendor Advisory
21402

Source: SECUNIA
Type: Vendor Advisory
21423

Source: CCN
Type: SA21436
Heimdal setuid Security Issue

Source: SECUNIA
Type: Vendor Advisory
21436

Source: SECUNIA
Type: Vendor Advisory
21439

Source: SECUNIA
Type: Vendor Advisory
21441

Source: SECUNIA
Type: Vendor Advisory
21456

Source: SECUNIA
Type: Vendor Advisory
21461

Source: SECUNIA
Type: Vendor Advisory
21467

Source: SECUNIA
Type: Vendor Advisory
21527

Source: SECUNIA
Type: Vendor Advisory
21613

Source: SECUNIA
Type: Vendor Advisory
21847

Source: CCN
Type: SA22291
Avaya Products Kerberos V5 setuid Security Issue

Source: SECUNIA
Type: Vendor Advisory
22291

Source: GENTOO
Type: UNKNOWN
GLSA-200608-21

Source: CCN
Type: SECTRACK ID: 1016664
Kerberos Application Flaws in Evaluating setuid/seteuid Calls May Let Local Users Gain Elevated Privileges

Source: SECTRACK
Type: UNKNOWN
1016664

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2006-211.htm

Source: CCN
Type: ASA-2006-211
krb5 security update (RHSA-2006-0612)

Source: CCN
Type: MIT krb5 Security Advisory 2006-001
multiple local privilege escalation vulnerabilities

Source: CONFIRM
Type: Patch, Vendor Advisory
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt

Source: CCN
Type: Kerberos Web site
Kerberos: The Network Authentication Protocol

Source: DEBIAN
Type: UNKNOWN
DSA-1146

Source: DEBIAN
Type: DSA-1146
krb5 -- programming error

Source: CCN
Type: GLSA-200608-15
MIT Kerberos 5: Multiple local privilege escalation vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200608-15

Source: CCN
Type: GLSA-200608-21
Heimdal: Multiple local privilege escalation vulnerabilities

Source: CCN
Type: US-CERT VU#580124
MIT Kerberos (krb5) krshd and v4rcp do not properly validate setuid() or seteuid() calls

Source: CERT-VN
Type: Patch, US Government Resource
VU#580124

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:139

Source: SUSE
Type: UNKNOWN
SUSE-SR:2006:020

Source: SUSE
Type: UNKNOWN
SUSE-SR:2006:022

Source: OSVDB
Type: UNKNOWN
27869

Source: OSVDB
Type: UNKNOWN
27870

Source: CCN
Type: OSVDB ID: 27869
MIT Kerberos 5 krshd setuid() Local Privilege Escalation

Source: CCN
Type: OSVDB ID: 27870
MIT Kerberos 5 v4rcp setuid() Local Privilege Escalation

Source: CCN
Type: Heimdal Security Advisory
2006-08-08: multiple local privilege escalation vulnerabilities

Source: CONFIRM
Type: UNKNOWN
http://www.pdc.kth.se/heimdal/advisory/2006-08-08/

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2006:0612

Source: BUGTRAQ
Type: UNKNOWN
20060808 MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities

Source: BUGTRAQ
Type: UNKNOWN
20060816 UPDATED: MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities

Source: BID
Type: UNKNOWN
19427

Source: CCN
Type: BID-19427
MIT Kerberos 5 Multiple Local Privilege Escalation Vulnerabilities

Source: CCN
Type: USN-334-1
krb5 vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-334-1

Source: VUPEN
Type: Vendor Advisory
ADV-2006-3225

Source: XF
Type: UNKNOWN
kerberos-setuid-privilege-escalation(28378)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9515

Source: SUSE
Type: SUSE-SR:2006:020
SUSE Security Summary Report

Source: SUSE
Type: SUSE-SR:2006:022
SUSE Security Summary Report

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:heimdal:heimdal:0.7.2:*:*:*:*:*:*:*
  • OR cpe:/a:mit:kerberos_5:1.4:*:*:*:*:*:*:*
  • OR cpe:/a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:mit:kerberos_5:1.5:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:mit:kerberos_5:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:mit:kerberos_5:1.4:*:*:*:*:*:*:*
  • OR cpe:/a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20063083 | V | CVE-2006-3083 | 2015-11-16
    oval:org.mitre.oval:def:9515 | V | The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion. | 2013-04-29
    oval:com.redhat.rhsa:def:20060612 | P | RHSA-2006:0612: krb5 security update (Important) | 2008-03-20
    oval:org.debian:def:1146 | V | programming error | 2006-08-09
    heimdal heimdal 0.7.2
    mit kerberos 5 1.4
    mit kerberos 5 1.4.1
    mit kerberos 5 1.4.2
    mit kerberos 5 1.4.3
    mit kerberos 5 1.5
    mit kerberos 5-1.5
    mit kerberos 5-1.4
    mit kerberos 5-1.4.1
    mit kerberos 5-1.4.2
    mit kerberos 5-1.4.3
    gentoo linux *
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    debian debian linux 3.1
    mandrakesoft mandrake multi network firewall 2.0
    mandrakesoft mandrake linux 2006
    canonical ubuntu 6.06
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0