diff options
Diffstat (limited to 'metadata/glsa/glsa-200608-15.xml')
-rw-r--r-- | metadata/glsa/glsa-200608-15.xml | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/metadata/glsa/glsa-200608-15.xml b/metadata/glsa/glsa-200608-15.xml new file mode 100644 index 000000000000..1f1ce9d0279b --- /dev/null +++ b/metadata/glsa/glsa-200608-15.xml @@ -0,0 +1,67 @@ +<?xml version="1.0" encoding="utf-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="200608-15"> + <title>MIT Kerberos 5: Multiple local privilege escalation vulnerabilities</title> + <synopsis> + Some applications shipped with MIT Kerberos 5 are vulnerable to local + privilege escalation. + </synopsis> + <product type="ebuild">MIT Kerberos 5</product> + <announced>2006-08-10</announced> + <revised count="01">2006-08-10</revised> + <bug>143240</bug> + <access>local</access> + <affected> + <package name="app-crypt/mit-krb5" auto="yes" arch="*"> + <unaffected range="ge">1.4.3-r3</unaffected> + <vulnerable range="lt">1.4.3-r3</vulnerable> + </package> + </affected> + <background> + <p> + MIT Kerberos 5 is a suite of applications that implement the Kerberos + network protocol. It is designed to provide strong authentication for + client/server applications by using secret-key cryptography. + </p> + </background> + <description> + <p> + Unchecked calls to setuid() in krshd and v4rcp, as well as unchecked + calls to seteuid() in kftpd and in ksu, have been found in the MIT + Kerberos 5 program suite and may lead to a local root privilege + escalation. + </p> + </description> + <impact type="high"> + <p> + A local attacker could exploit this vulnerability to execute arbitrary + code with elevated privileges. + </p> + </impact> + <workaround> + <p> + There is no known workaround at this time. + </p> + </workaround> + <resolution> + <p> + All MIT Kerberos 5 users should upgrade to the latest version: + </p> + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.4.3-r3"</code> + </resolution> + <references> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3083">CVE-2006-3083</uri> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3084">CVE-2006-3084</uri> + </references> + <metadata tag="requester" timestamp="2006-08-09T18:31:59Z"> + jaervosz + </metadata> + <metadata tag="submitter" timestamp="2006-08-09T20:23:17Z"> + daxomatic + </metadata> + <metadata tag="bugReady" timestamp="2006-08-10T14:34:58Z"> + falco + </metadata> +</glsa> |