Rapid7 Vulnerability & Exploit Database

Gentoo Linux: CVE-2006-3083: MIT Kerberos 5: Multiple local privilege escalation vulnerabilities

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

Gentoo Linux: CVE-2006-3083: MIT Kerberos 5: Multiple local privilege escalation vulnerabilities

Severity

CVSS

(AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published

08/09/2006

Created

07/25/2018

Added

10/30/2017

Modified

10/29/2021

Description

The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.

Solution(s)

gentoo-linux-upgrade-app-crypt-heimdal
gentoo-linux-upgrade-app-crypt-mit-krb5

References

https://attackerkb.com/topics/cve-2006-3083
19427
580124
CVE - 2006-3083
DSA-1146
200608-15
200608-21
OVAL9515
RHSA-2006:0612

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;