The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5 and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.

oval:org.mitre.oval:def:9515

Family:
unix
Status:
ACCEPTED
Platform(s):
  • CentOS Linux 4
  • Oracle Linux 4
  • Red Hat Enterprise Linux 4
Class:
vulnerability
Reference(s):
  • CVE-2006-3083
Product(s):