CVE-2006-3083

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2006-3083
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2006-3083.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2006-3083
Related
Published
2006-08-09T10:04:00Z
Modified
2024-06-30T12:01:22Z
Summary
[none]
Details

The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.

References

Affected packages

Debian:11 / krb5

Package

Name
krb5
Purl
pkg:deb/debian/krb5?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.3-9

Ecosystem specific

{
    "urgency": "medium"
}

Debian:12 / krb5

Package

Name
krb5
Purl
pkg:deb/debian/krb5?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.3-9

Ecosystem specific

{
    "urgency": "medium"
}

Debian:13 / krb5

Package

Name
krb5
Purl
pkg:deb/debian/krb5?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.3-9

Ecosystem specific

{
    "urgency": "medium"
}