CVE-2006-3084

N/A Unknown
Published: August 09, 2006 Modified: April 16, 2026
View on NVD

Description

The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt
Source: cve@mitre.org
http://fedoranews.org/cms/node/2376
Source: cve@mitre.org
http://secunia.com/advisories/21402
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/21436
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/21439
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/21461
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/21467
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/21527
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/21613
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/23707
Source: cve@mitre.org
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200608-21.xml
Source: cve@mitre.org
http://securitytracker.com/id?1016664
Source: cve@mitre.org
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt
Source: cve@mitre.org
http://www.debian.org/security/2006/dsa-1146
Source: cve@mitre.org
http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml
Source: cve@mitre.org
http://www.kb.cert.org/vuls/id/401660
Source: cve@mitre.org
US Government Resource
http://www.novell.com/linux/security/advisories/2006_20_sr.html
Source: cve@mitre.org
http://www.osvdb.org/27871
Source: cve@mitre.org
http://www.osvdb.org/27872
Source: cve@mitre.org
http://www.pdc.kth.se/heimdal/advisory/2006-08-08/
Source: cve@mitre.org
http://www.securityfocus.com/archive/1/442599/100/0/threaded
Source: cve@mitre.org
http://www.securityfocus.com/archive/1/443498/100/100/threaded
Source: cve@mitre.org
http://www.securityfocus.com/bid/19427
Source: cve@mitre.org
http://www.ubuntu.com/usn/usn-334-1
Source: cve@mitre.org
http://www.vupen.com/english/advisories/2006/3225
Source: cve@mitre.org
Vendor Advisory
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt
Source: af854a3a-2127-422b-91ae-364da2661108
http://fedoranews.org/cms/node/2376
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/21402
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/21436
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/21439
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/21461
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/21467
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/21527
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/21613
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/23707
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200608-21.xml
Source: af854a3a-2127-422b-91ae-364da2661108
http://securitytracker.com/id?1016664
Source: af854a3a-2127-422b-91ae-364da2661108
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2006/dsa-1146
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.kb.cert.org/vuls/id/401660
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.novell.com/linux/security/advisories/2006_20_sr.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.osvdb.org/27871
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.osvdb.org/27872
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.pdc.kth.se/heimdal/advisory/2006-08-08/
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/442599/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/443498/100/100/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/19427
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/usn-334-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2006/3225
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

50 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.5%
68th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-264

Affected Vendors

heimdal mit

Related CVEs

CVE-2026-6951 9.8
CVE-2026-6175 N/A
CVE-2026-42171 7.8
CVE-2026-41488 3.1
CVE-2026-41481 6.5