Description
The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.
References (33)
Core 33
Core References
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2006:139
Patch, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/580124
Vendor Advisory x_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2006-211.htm
Patch, Vendor Advisory x_refsource_confirm
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/27869
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21847
Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2006_20_sr.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200608-21.xml
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21461
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21467
Various Sources x_refsource_confirm
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2006/dsa-1146
Patch, Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0612.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21436
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3225
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21527
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/27870
Vendor Advisory x_refsource_confirm
http://www.pdc.kth.se/heimdal/advisory/2006-08-08/
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/442599/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9515
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21439
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21402
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/443498/100/100/threaded
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21613
Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2006_22_sr.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1016664
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21441
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22291
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21456
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21423
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-334-1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/19427
Scores
EPSS
0.0007
EPSS Percentile
21.5%
Details
CWE
CWE-399
Status
published
Products (6)
heimdal/heimdal
0.7.2
mit/kerberos_5
1.4
mit/kerberos_5
1.4.1
mit/kerberos_5
1.4.2
mit/kerberos_5
1.4.3
mit/kerberos_5
1.5
Published
Aug 09, 2006
Tracked Since
Feb 18, 2026