User: Password:
Subscribe / Log in / New account

krb5: local privilege escalation

Package(s):krb5 CVE #(s):CVE-2006-3083
Created:August 9, 2006 Updated:July 7, 2010
Description: Some kerberos applications fail to check the results of setuid() calls, with the result that, if that call fails, they could continue to execute as root after thinking they had switched to a nonprivileged user. A local attacker who can cause these calls to fail (through resource exhaustion, presumably) could exploit this bug to gain root privileges.
Mandriva MDVSA-2010:129 heimdal 2010-07-07
SuSE SUSE-SR:2006:022 heimdal, xsp 2006-09-08
Gentoo 200608-21 heimdal 2006-08-23
Ubuntu USN-334-1 krb5 2006-08-16
Fedora FEDORA-2006-905 krb5 2006-08-09
Mandriva MDKSA-2006:139 krb5 2006-09-09
Gentoo 200608-15 mit-krb5 2006-08-10
rPath rPSA-2006-0150-1 krb5 2006-08-09
Red Hat RHSA-2006:0612-01 krb5 2006-08-08
Debian DSA-1146-1 krb5 2006-08-09

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds