CVE-2006-3083

N/A Unknown

Published: August 09, 2006 Modified: April 16, 2026

Description

The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt

Source: cve@mitre.org

http://secunia.com/advisories/21402

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/21423

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/21436

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/21439

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/21441

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/21456

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/21461

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/21467

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/21527

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/21613

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/21847

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/22291

Source: cve@mitre.org

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200608-21.xml

Source: cve@mitre.org

http://securitytracker.com/id?1016664

Source: cve@mitre.org

http://support.avaya.com/elmodocs2/security/ASA-2006-211.htm

Source: cve@mitre.org

http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt

Source: cve@mitre.org

Patch Vendor Advisory

http://www.debian.org/security/2006/dsa-1146

Source: cve@mitre.org

http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/580124

Source: cve@mitre.org

Patch US Government Resource

http://www.mandriva.com/security/advisories?name=MDKSA-2006:139

Source: cve@mitre.org

http://www.novell.com/linux/security/advisories/2006_20_sr.html

Source: cve@mitre.org

http://www.novell.com/linux/security/advisories/2006_22_sr.html

Source: cve@mitre.org

http://www.osvdb.org/27869

Source: cve@mitre.org

http://www.osvdb.org/27870

Source: cve@mitre.org

http://www.pdc.kth.se/heimdal/advisory/2006-08-08/

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2006-0612.html

Source: cve@mitre.org

Patch Vendor Advisory

http://www.securityfocus.com/archive/1/442599/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/443498/100/100/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/19427

Source: cve@mitre.org

http://www.ubuntu.com/usn/usn-334-1

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/3225

Source: cve@mitre.org

Vendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9515

Source: cve@mitre.org

ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt