CVE-2006-3084
Published 2006-08-09
Priority P426 · high · 7.2 · CVSS 2.0
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.49% (38.3th percentile)
The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.4.3-9 (bookworm) | krb5 1.4.3-9 (bookworm) |
| heimdal | heimdal | <= 0.7.2 | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | krb5 | >= 0 < 1.4.3-9 | 1.4.3-9 |
| mit | krb5 | >= 0 < 1.4.3-9 | 1.4.3-9 |
| mit | krb5 | >= 0 < 1.4.3-9 | 1.4.3-9 |
| mit | krb5 | >= 0 < 1.4.3-9 | 1.4.3-9 |
CVSS provenance
nvd · v2.0 · 7.2 · HIGH · AV:L/AC:L/Au:N/C:C/I:C/A:C
osv · 7.2 · HIGH
vendor_debian · 7.2 · MEDIUM
vendor_ubuntu · 7.2 · HIGH
GHSA
GHSA-863q-qjw4-fmrr [HIGH]
ghsa_unreviewed·2022-05-03
OSV
CVE-2006-3084 [HIGH]
osv·2006-08-09·CVSS 7.2
Ubuntu
krb5 vulnerabilities
vendor_ubuntu·2006-08-16
CVE-2006-3084 krb5 vulnerabilities
Michael Calmer and Marcus Meissner discovered that several krb5 tools
did not check the return values from setuid() system calls. On systems
that have configured user process limits, it may be possible for an
attacker to cause setuid() to fail via resource starvation. In that
situation, the tools will not reduce their privilege levels, and will
continue operation as the root user.
By default, Ubuntu does not ship with user process limits.
Please note that these packages are not officially supported by Ubuntu
(they are in the 'universe' component of the archive).
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2006-07-29·CVSS 7.2
CVE-2006-3113 [HIGH] Thunderbird vulnerabilities
Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious email containing JavaScript. Please note that JavaScript
is disabled by default for emails, and it is not recommended to enable
it. (CVE-2006-3113, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805,
CVE-2006-3806, CVE-2006-3807, CVE-2006-3809, CVE-2006-3810,
CVE-2006-3811, CVE-2006-3812)
A buffer overflow has been discovered in the handling of .vcard files.
By tricking a user into importing a malicious vcard into his contacts,
this could be exploited to execute arbitrary code with the user's
privileges. (CVE-2006-3084)
The "enigmail" plugin has been updated to work with the
Debian
CVE-2006-3084 [HIGH]: krb5
vendor_debian·2006·CVSS 7.2
Scope: local
bookworm: resolved (fixed in 1.4.3-9)
bullseye: resolved (fixed in 1.4.3-9)
forky: resolved (fixed in 1.4.3-9)
sid: resolved (fixed in 1.4.3-9)
trixie: resolved (fixed in 1.4.3-9)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2006-3083 [HIGH] krb5 multiple unsafe setuid usage
bugzilla·2006-08-15·CVSS 7.2
This issue needs fixing as it affects FC6test2.
+++ This bug was initially created as a clone of Bug #197818 +++
krb5 multiple unsafe setuid usage
krb5 contains several unsafe uses of setuid. This is a problem on
RHEL4 due to process restrictions in the 2.6 kernel.
These issues do not affect RHEL3 or RHEL2.1 since setuid does not
fail due to user limits.
The advisory from MIT also mentions CVE-2006-3084. That issue
describes issues when calling seteuid() fails. The seteuid() function
on all versions of the Linux kernel will not fail due to user limits.
Bugzilla
CVE-2006-3083 [HIGH] krb5 multiple unsafe setuid usage
bugzilla·2006-07-06·CVSS 7.2
krb5 multiple unsafe setuid usage
krb5 contains several unsafe uses of setuid. This is a problem on
RHEL4 due to process restrictions in the 2.6 kernel.
These issues do not affect RHEL3 or RHEL2.1 since setuid does not
fail due to user limits.
The advisory from MIT also mentions CVE-2006-3084. That issue
describes issues when calling seteuid() fails. The seteuid() function
on all versions of the Linux kernel will not fail due to user limits.
Discussion:
Created attachment 132010
Patch from upstream
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
ple
arXiv
A Slicing-Based Approach for Detecting and Patching Vulnerable Code Clones
arxiv_fulltext·2025-05-05
1st Hakam W. Alomari,
2nd Christopher Vendome,
3rd Himal Gyawali
Department of Computer Science and Software Engineering
Miami University, Oxford, Ohio USA
{alomarhw, vendomcg, gyawalh}@miamioh.edu
## Abstract
Code cloning is a common practice in software development, but it poses significant security risks by propagating vulnerabilities across cloned segments. To address this challenge, we introduce srcVul, a scalable, precise detection approach that combines program slicing with Locality-Sensitive Hashing to identify vulnerable code clones and recommend patches. srcVul builds a database of vulnerability-related slices by analyzing known vulnerable programs and their corresponding patches, indexing each slice
References
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt
http://fedoranews.org/cms/node/2376
http://secunia.com/advisories/21402
http://secunia.com/advisories/21436
http://secunia.com/advisories/21439
http://secunia.com/advisories/21461
http://secunia.com/advisories/21467
http://secunia.com/advisories/21527
http://secunia.com/advisories/21613
http://secunia.com/advisories/23707
http://security.gentoo.org/glsa/glsa-200608-21.xml
http://securitytracker.com/id?1016664
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt
http://www.debian.org/security/2006/dsa-1146
http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml
http://www.kb.cert.org/vuls/id/401660
http://www.novell.com/linux/security/advisories/2006_20_sr.html
http://www.osvdb.org/27871
http://www.osvdb.org/27872
http://www.pdc.kth.se/heimdal/advisory/2006-08-08/
http://www.securityfocus.com/archive/1/442599/100/0/threaded
http://www.securityfocus.com/archive/1/443498/100/100/threaded
http://www.securityfocus.com/bid/19427
http://www.ubuntu.com/usn/usn-334-1
http://www.vupen.com/english/advisories/2006/3225
Published: 2006-08-09