CVE-2006-3083
published 2006-08-09
CVE-2006-3083: The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2…
Priority P428 · high · 7.2 · CVSS 2.0
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS 0.51% · 39.7th percentile
The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.
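The unchecked-return pattern named in the description, next to a fail-closed version, as an added example (not code from krb5 or Heimdal). The `setuid_fn` seam and the two stand-in functions are hypothetical and constructed here so the failure path runs without root; a real daemon would call `setuid()` directly and would drop supplementary groups and the gid before the uid.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical seam so the failure path can be exercised without root:
 * production code would pass the real setuid(). */
typedef int (*setuid_fn)(uid_t);

/* Constructed stand-in: setuid() refused by the kernel, as the advisories
 * describe when a per-user process limit is exhausted. */
static int setuid_eagain(uid_t uid) { (void)uid; errno = EAGAIN; return -1; }

/* Constructed stand-in: reports success but changes nothing. */
static int setuid_noop(uid_t uid) { (void)uid; return 0; }

/* Flawed pattern: return code discarded, so the caller carries on with
 * whatever identity it already had (root, in a privileged daemon). */
static int drop_unchecked(setuid_fn do_setuid, uid_t target)
{
    do_setuid(target);
    return 0;
}

/* Hardened pattern: fail closed on error, then verify the result. */
static int drop_checked(setuid_fn do_setuid, uid_t target)
{
    if (do_setuid(target) != 0) {
        fprintf(stderr, "setuid(%lu): %s\n", (unsigned long)target, strerror(errno));
        return -1;                      /* caller must exit, not continue */
    }
    if (getuid() != target || geteuid() != target)
        return -1;                      /* IDs did not actually change */
    if (target != 0 && do_setuid(0) == 0)
        return -1;                      /* root could be regained */
    return 0;
}

int main(void)
{
    uid_t me = getuid();
    printf("unchecked, setuid fails: %d\n", drop_unchecked(setuid_eagain, me));
    printf("checked,   setuid fails: %d\n", drop_checked(setuid_eagain, me));
    printf("checked,   real setuid : %d\n", drop_checked(setuid, me));
    return 0;
}
```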
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.4.3-9 (bookworm) | krb5 1.4.3-9 (bookworm) |
| heimdal | heimdal | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | krb5 | >= 0 < 1.4.3-9 | 1.4.3-9 |
| mit | krb5 | >= 0 < 1.4.3-9 | 1.4.3-9 |
| mit | krb5 | >= 0 < 1.4.3-9 | 1.4.3-9 |
| mit | krb5 | >= 0 < 1.4.3-9 | 1.4.3-9 |
CVSS provenance
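| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 7.2 | HIGH | — |
| vendor_debian | — | 7.2 | MEDIUM | — |
| vendor_redhat | — | 7.2 | HIGH | — |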
Ubuntu
krb5 vulnerabilities
vendor_ubuntu·2006-08-16
CVE-2006-3084 krb5 vulnerabilities
Michael Calmer and Marcus Meissner discovered that several krb5 tools
did not check the return values from setuid() system calls. On systems
that have configured user process limits, it may be possible for an
attacker to cause setuid() to fail via resource starvation. In that
situation, the tools will not reduce their privilege levels, and will
continue operation as the root user.
By default, Ubuntu does not ship with user process limits.
Please note that these packages are not officially supported by Ubuntu
(they are in the 'universe' component of the archive).
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
security flaw
vendor_redhat·2006-08-08·CVSS 7.2
CVE-2006-3083 [HIGH] security flaw
The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Debian
CVE-2006-3083: krb5 - The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5,...
vendor_debian·2006·CVSS 7.2
CVE-2006-3083 [HIGH] CVE-2006-3083: krb5 - The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5,...
The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.
Scope: local
bookworm: resolved (fixed in 1.4.3-9)
bullseye: resolved (fixed in 1.4.3-9)
forky: resolved (fixed in 1.4.3-9)
sid: resolved (fixed in 1.4.3-9)
trixie: resolved (fixed in 1.4.3-9)
GHSA
GHSA-fxvg-34mm-mrcp: The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1
ghsa_unreviewed·2022-05-03
CVE-2006-3083 [HIGH] GHSA-fxvg-34mm-mrcp: The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1
The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.
OSV
CVE-2006-3083: The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1
osv·2006-08-09·CVSS 7.2
CVE-2006-3083 [HIGH] CVE-2006-3083: The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1
The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2006-3083 security flaw
bugzilla·2018-08-16·CVSS 7.2
CVE-2006-3083 [HIGH] CVE-2006-3083 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.
---
Statement:
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Bugzilla
CVE-2006-3083 krb5 multiple unsafe setuid usage
bugzilla·2006-08-15·CVSS 7.2
CVE-2006-3083 [HIGH] CVE-2006-3083 krb5 multiple unsafe setuid usage
This issue needs fixing as it affects FC6test2.
+++ This bug was initially created as a clone of Bug #197818 +++
krb5 multiple unsafe setuid usage
krb5 contains several unsafe uses of setuid. This is a problem on
RHEL4 due to process restrictions in the 2.6 kernel.
These issues do not affect RHEL3 or RHEL2.1 since setuid does not
fail due to user limits.
The advisory from MIT also mentions CVE-2006-3084. That issue
describes issues when calling seteuid() fails. The seteuid() function
on all versions of the Linux kernel will not fail due to user limits.
Bugzilla
CVE-2006-3083 krb5 multiple unsafe setuid usage
bugzilla·2006-07-06·CVSS 7.2
CVE-2006-3083 [HIGH] CVE-2006-3083 krb5 multiple unsafe setuid usage
krb5 multiple unsafe setuid usage
krb5 contains several unsafe uses of setuid. This is a problem on
RHEL4 due to process restrictions in the 2.6 kernel.
These issues do not affect RHEL3 or RHEL2.1 since setuid does not
fail due to user limits.
The advisory from MIT also mentions CVE-2006-3084. That issue
describes issues when calling seteuid() fails. The seteuid() function
on all versions of the Linux kernel will not fail due to user limits.
Discussion:
Created attachment 132010
Patch from upstream
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
ple
References
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt
http://secunia.com/advisories/21402
http://secunia.com/advisories/21423
http://secunia.com/advisories/21436
http://secunia.com/advisories/21439
http://secunia.com/advisories/21441
http://secunia.com/advisories/21456
http://secunia.com/advisories/21461
http://secunia.com/advisories/21467
http://secunia.com/advisories/21527
http://secunia.com/advisories/21613
http://secunia.com/advisories/21847
http://secunia.com/advisories/22291
http://security.gentoo.org/glsa/glsa-200608-21.xml
http://securitytracker.com/id?1016664
http://support.avaya.com/elmodocs2/security/ASA-2006-211.htm
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt
http://www.debian.org/security/2006/dsa-1146
http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml
http://www.kb.cert.org/vuls/id/580124
http://www.mandriva.com/security/advisories?name=MDKSA-2006:139
http://www.novell.com/linux/security/advisories/2006_20_sr.html
http://www.novell.com/linux/security/advisories/2006_22_sr.html
http://www.osvdb.org/27869
http://www.osvdb.org/27870
http://www.pdc.kth.se/heimdal/advisory/2006-08-08/
http://www.redhat.com/support/errata/RHSA-2006-0612.html
http://www.securityfocus.com/archive/1/442599/100/0/threaded
http://www.securityfocus.com/archive/1/443498/100/100/threaded
http://www.securityfocus.com/bid/19427
http://www.ubuntu.com/usn/usn-334-1
http://www.vupen.com/english/advisories/2006/3225
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9515
2006-08-09
Published