Full Disclosure mailing list archives
rPSA-2006-0150-1 krb5 krb5-server krb5-services krb5-test krb5-workstation
From: "Justin M. Forbes" <jmforbes () rpath com>
Date: Wed, 09 Aug 2006 13:01:42 -0400
rPath Security Advisory: 2006-0150-1 Published: 2006-08-09 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Local Root Deterministic Privilege Escalation Updated Versions: krb5=/conary.rpath.com@rpl:devel//1/1.4.1-7.2-1 krb5-server=/conary.rpath.com@rpl:devel//1/1.4.1-7.2-1 krb5-services=/conary.rpath.com@rpl:devel//1/1.4.1-7.2-1 krb5-test=/conary.rpath.com@rpl:devel//1/1.4.1-7.2-1 krb5-workstation=/conary.rpath.com@rpl:devel//1/1.4.1-7.2-1 References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3083 https://issues.rpath.com/browse/RPL-570 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt Description: Previous versions of the krb5 packages are vulnerable to local root privilege escalation caused by not checking the return code from the setuid() function in several utilities. These vulnerabilities are not exposed in the default configuration on rPath Linux, but some rPath Linux users may have configured krb5 to expose the vulnerabilities by enabling the kerberos krsh and kerberos ftp services, or by making the ksu or v4rcp binaries setuid root. These vulnerabilities have been resolved in the new versions of the krb5 packages. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- rPSA-2006-0150-1 krb5 krb5-server krb5-services krb5-test krb5-workstation Justin M. Forbes (Aug 09)