Vulnerability Name:

CVE-2006-3084 (CCN-28379)

Assigned:2006-08-08
Published:2006-08-08
Updated:2020-01-21
Summary:The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges.
Note: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-264
Vulnerability Consequences:Gain Privileges
References:Source: CONFIRM
Type: UNKNOWN
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt

Source: MITRE
Type: CNA
CVE-2006-3084

Source: FEDORA
Type: UNKNOWN
FEDORA-2007-034

Source: CCN
Type: SA21402
Kerberos V5 setuid Security Issue

Source: SECUNIA
Type: Vendor Advisory
21402

Source: CCN
Type: SA21436
Heimdal setuid Security Issue

Source: SECUNIA
Type: Vendor Advisory
21436

Source: SECUNIA
Type: Vendor Advisory
21439

Source: SECUNIA
Type: Vendor Advisory
21461

Source: SECUNIA
Type: Vendor Advisory
21467

Source: SECUNIA
Type: Vendor Advisory
21527

Source: SECUNIA
Type: Vendor Advisory
21613

Source: SECUNIA
Type: Vendor Advisory
23707

Source: GENTOO
Type: UNKNOWN
GLSA-200608-21

Source: CCN
Type: SECTRACK ID: 1016664
Kerberos Application Flaws in Evaluating setuid/seteuid Calls May Let Local Users Gain Elevated Privileges

Source: SECTRACK
Type: UNKNOWN
1016664

Source: CCN
Type: MIT krb5 Security Advisory 2006-001
multiple local privilege escalation vulnerabilities

Source: CONFIRM
Type: UNKNOWN
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt

Source: CCN
Type: Kerberos Web site
Kerberos: The Network Authentication Protocol

Source: DEBIAN
Type: UNKNOWN
DSA-1146

Source: DEBIAN
Type: DSA-1146
krb5 -- programming error

Source: CCN
Type: GLSA-200608-15
MIT Kerberos 5: Multiple local privilege escalation vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200608-15

Source: CCN
Type: GLSA-200608-21
Heimdal: Multiple local privilege escalation vulnerabilities

Source: CCN
Type: US-CERT VU#401660
MIT Kerberos (krb5) ftpd and ksu do not properly validate seteuid() calls

Source: CERT-VN
Type: US Government Resource
VU#401660

Source: SUSE
Type: UNKNOWN
SUSE-SR:2006:020

Source: OSVDB
Type: UNKNOWN
27871

Source: OSVDB
Type: UNKNOWN
27872

Source: CCN
Type: OSVDB ID: 27871
MIT Kerberos 5 ftpd seteuid() Local Privilege Escalation

Source: CCN
Type: OSVDB ID: 27872
MIT Kerberos 5 ksu seteuid() Local Privilege Escalation

Source: CCN
Type: Heimdal Security Advisory
2006-08-08: multiple local privilege escalation vulnerabilities

Source: CONFIRM
Type: UNKNOWN
http://www.pdc.kth.se/heimdal/advisory/2006-08-08/

Source: BUGTRAQ
Type: UNKNOWN
20060808 MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities

Source: BUGTRAQ
Type: UNKNOWN
20060816 UPDATED: MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities

Source: BID
Type: UNKNOWN
19427

Source: CCN
Type: BID-19427
MIT Kerberos 5 Multiple Local Privilege Escalation Vulnerabilities

Source: CCN
Type: USN-329-1
Thunderbird vulnerabilities

Source: CCN
Type: USN-334-1
krb5 vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-334-1

Source: VUPEN
Type: Vendor Advisory
ADV-2006-3225

Source: XF
Type: UNKNOWN
kerberos-seteuid-privilege-escalation(28379)

Source: SUSE
Type: SUSE-SR:2006:020
SUSE Security Summary Report

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:heimdal:heimdal:*:*:*:*:*:*:*:* (Version <= 0.7.2)
  • OR cpe:/a:mit:kerberos_5:1.4:*:*:*:*:*:*:*
  • OR cpe:/a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:mit:kerberos_5:1.5:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:mit:kerberos_5:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:mit:kerberos_5:1.4:*:*:*:*:*:*:*
  • OR cpe:/a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20063084 | V | CVE-2006-3084 | 2015-11-16
oval:org.debian:def:1146 | V | programming error | 2006-08-09