Vulnerability details: VCID-p8hb-24gt-aaae
Vulnerability ID VCID-p8hb-24gt-aaae
Aliases CVE-2006-3083
Summary The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2006:0612
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2006-3083
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2006-3083
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2006-3083
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2006-3083
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2006-3083
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2006-3083
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1618134
cvssv2 7.2 https://nvd.nist.gov/vuln/detail/CVE-2006-3083
Reference id Reference type URL
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-3083.json
https://api.first.org/data/v1/epss?cve=CVE-2006-3083
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3083
http://secunia.com/advisories/21402
http://secunia.com/advisories/21423
http://secunia.com/advisories/21436
http://secunia.com/advisories/21439
http://secunia.com/advisories/21441
http://secunia.com/advisories/21456
http://secunia.com/advisories/21461
http://secunia.com/advisories/21467
http://secunia.com/advisories/21527
http://secunia.com/advisories/21613
http://secunia.com/advisories/21847
http://secunia.com/advisories/22291
http://security.gentoo.org/glsa/glsa-200608-21.xml
http://securitytracker.com/id?1016664
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9515
http://support.avaya.com/elmodocs2/security/ASA-2006-211.htm
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt
http://www.debian.org/security/2006/dsa-1146
http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml
http://www.kb.cert.org/vuls/id/580124
http://www.mandriva.com/security/advisories?name=MDKSA-2006:139
http://www.novell.com/linux/security/advisories/2006_20_sr.html
http://www.novell.com/linux/security/advisories/2006_22_sr.html
http://www.osvdb.org/27869
http://www.osvdb.org/27870
http://www.pdc.kth.se/heimdal/advisory/2006-08-08/
http://www.redhat.com/support/errata/RHSA-2006-0612.html
http://www.securityfocus.com/archive/1/442599/100/0/threaded
http://www.securityfocus.com/archive/1/443498/100/100/threaded
http://www.securityfocus.com/bid/19427
http://www.ubuntu.com/usn/usn-334-1
http://www.vupen.com/english/advisories/2006/3225
1618134 https://bugzilla.redhat.com/show_bug.cgi?id=1618134
cpe:2.3:a:heimdal:heimdal:0.7.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:heimdal:heimdal:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:*
CVE-2006-3083 https://nvd.nist.gov/vuln/detail/CVE-2006-3083
GLSA-200608-15 https://security.gentoo.org/glsa/200608-15
GLSA-200608-21 https://security.gentoo.org/glsa/200608-21
RHSA-2006:0612 https://access.redhat.com/errata/RHSA-2006:0612
USN-334-1 https://usn.ubuntu.com/334-1/
No exploits are available.
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2006-3083
Exploit Prediction Scoring System (EPSS)
Percentile 0.10913
EPSS Score 0.00043
Published At Nov. 28, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.