Rapid7 Vulnerability & Exploit Database

Gentoo Linux: CVE-2006-3084: MIT Kerberos 5: Multiple local privilege escalation vulnerabilities

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

Gentoo Linux: CVE-2006-3084: MIT Kerberos 5: Multiple local privilege escalation vulnerabilities

Severity

CVSS

(AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published

08/09/2006

Created

07/25/2018

Added

10/30/2017

Modified

10/29/2021

Description

The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues.

Solution(s)

gentoo-linux-upgrade-app-crypt-heimdal
gentoo-linux-upgrade-app-crypt-mit-krb5

References

https://attackerkb.com/topics/cve-2006-3084
19427
401660
CVE - 2006-3084
DSA-1146
200608-15
200608-21

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;