Overview
Privilege escalation vulnerabilities in MIT krb5 ftpd and ksu may allow an authenticated attacker to execute arbitrary code.
Description
The MIT krb 5 ftpd and ksu programs contain multiple privilege escalation vulnerabilities. These vulnerabilities are dependent on the host operating system's implementation of the seteuid() system call and result when seteuid() can fail due to resource exhaustion while changing to an unprivileged user ID. Some implementations of seteuid() do not expose the vulnerability.
|
Impact
An authenticated attacker may be able to execute arbitrary code with root privileges. |
Solution
UpgradeThe MIT Kerberos team has released an update to address these issues. See the Systems Affected section of this document for information about specific vendors. Users who compile Kerberos from the original source distribution should see MIT krb5 Security Advisory 2006-001 for more details. |
|
Vendor Information
Gentoo Linux Affected
Notified: July 28, 2006 Updated: August 24, 2006
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
See Gentoo Linux Security Advisory GLSA 200608-15 for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
MIT Kerberos Development Team Affected
Notified: July 27, 2006 Updated: August 08, 2006
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Please see MIT krb5 Security Advisory 2006-001.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Mandriva, Inc. Affected
Notified: July 28, 2006 Updated: August 24, 2006
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
See Mandrivia advisory MDKSA-2006:139 for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Apple Computer, Inc. Not Affected
Notified: July 28, 2006 Updated: August 18, 2006
Status
Not Affected
Vendor Statement
Mac OS X and Mac OS X Server are not susceptible to the issues described in this vulnerability note.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
AttachmateWRQ, Inc. Not Affected
Notified: July 28, 2006 Updated: August 23, 2006
Status
Not Affected
Vendor Statement
No versions of the Attachmate Reflection Kerberos Client are subject to these privilege escalation vulnerabilities. The Reflection Kerberos Client is not based on the MIT code base and runs only on Microsoft Windows operating systems.
For the latest Attachmate security update information, Attachmate recommends you regularly check the Security Updates and Reflection web page at: http://support.wrq.com/techdocs/1708.html
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
IBM Corporation Not Affected
Notified: July 28, 2006 Updated: August 08, 2006
Status
Not Affected
Vendor Statement
Kerberos is available for AIX via Network Authentication Service. Network Authentication Service is not affected by the issues mentioned in CERT Vulnerability Notes VU#580124 (CVE-2006-3083) and VU#401660 (CVE-2006-3084).
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Juniper Networks, Inc. Not Affected
Notified: July 28, 2006 Updated: August 08, 2006
Status
Not Affected
Vendor Statement
Juniper Networks products are not susceptible to this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Conectiva Inc. Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Cray Inc. Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
CyberSafe, Inc. Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Debian GNU/Linux Unknown
Notified: July 28, 2006 Updated: August 24, 2006
Status
Unknown
Vendor Statement
See Debian Security Advisory DSA-1146-1 for more details.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
EMC, Inc. (formerly Data General Corporation) Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Engarde Secure Linux Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
F5 Networks, Inc. Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Fedora Project Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
FreeBSD, Inc. Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Fujitsu Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Heimdal Kerberos Project Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Hewlett-Packard Company Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Hitachi Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
IBM Corporation (zseries) Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
IBM eServer Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Immunix Communications, Inc. Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Ingrian Networks, Inc. Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
KTH Kerberos Team Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Microsoft Corporation Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
MontaVista Software, Inc. Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
NEC Corporation Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
NetBSD Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Nokia Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Novell, Inc. Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
OpenBSD Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Openwall GNU/*/Linux Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
QNX, Software Systems, Inc. Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Red Hat, Inc. Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
SUSE Linux Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Silicon Graphics, Inc. Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Slackware Linux Inc. Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Sony Corporation Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Sun Microsystems, Inc. Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
The SCO Group Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Trustix Secure Linux Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Turbolinux Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Ubuntu Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Unisys Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Wind River Systems, Inc. Unknown
Notified: July 28, 2006 Updated: July 28, 2006
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Thanks to the MIT Kerberos Team for reporting this issue. The MIT Kerberos Team in turn thanks Michael Calmer and Marcus Meissner at SUSE and Shiva Persaud at IBM for providing information about AIX.
This document was written by Ryan Giobbi.
Other Information
| CVE IDs: | CVE-2006-3084 |
| Severity Metric: | 2.33 |
| Date Public: | 2006-07-26 |
| Date First Published: | 2006-08-15 |
| Date Last Updated: | 2006-08-16 13:36 UTC |
| Document Revision: | 40 |