CVE-2006-3083 — Uncontrolled Resource Consumption in Heimdal

CWE-39910 documents8 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 78.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

MIT Krb5 Heimdal MIT Kerberos 5

Timeline

PublishedAug 9

Latest updateMay 3

Description

The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages3 packages

▶Debianmit/krb5< 1.4.3-9+3

▶NVDmit/kerberos_55 versions+4

▶NVDheimdal/heimdal0.7.2

Patches

Patch: web.mit.edu ↗Patch: www.kb.cert.org ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-fxvg-34mm-mrcp: The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1↗2022-05-03

▶

OSV

CVE-2006-3083: The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1↗2006-08-09

▶

CVEList

CVE-2006-3083: The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1↗2006-08-09

▶

📋Vendor Advisories

Ubuntu

krb5 vulnerabilities↗2006-08-16

▶

Red Hat

security flaw↗2006-08-08

▶

Debian

CVE-2006-3083: krb5 - The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5,...↗2006

▶

💬Community

Bugzilla

CVE-2006-3083 security flaw↗2018-08-16

▶

Bugzilla

CVE-2006-3083 krb5 multiple unsafe setuid usage↗2006-08-15

▶

Bugzilla

CVE-2006-3083 krb5 multiple unsafe setuid usage↗2006-07-06

▶