All the vulnerabilites related to heimdal - heimdal
cve-2006-3084
Vulnerability from cvelistv5
Published
2006-08-09 10:00
Modified
2024-08-07 18:16
Severity ?
EPSS score ?
Summary
The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:16:05.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2007-034",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/cms/node/2376"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt"
},
{
"name": "SUSE-SR:2006:020",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_20_sr.html"
},
{
"name": "VU#401660",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/401660"
},
{
"name": "GLSA-200608-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200608-21.xml"
},
{
"name": "21461",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21461"
},
{
"name": "21467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21467"
},
{
"name": "27872",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27872"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt"
},
{
"name": "DSA-1146",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1146"
},
{
"name": "21436",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21436"
},
{
"name": "ADV-2006-3225",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3225"
},
{
"name": "21527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21527"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pdc.kth.se/heimdal/advisory/2006-08-08/"
},
{
"name": "20060808 MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/442599/100/0/threaded"
},
{
"name": "23707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23707"
},
{
"name": "21439",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21439"
},
{
"name": "21402",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21402"
},
{
"name": "20060816 UPDATED: MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/443498/100/100/threaded"
},
{
"name": "21613",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21613"
},
{
"name": "1016664",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016664"
},
{
"name": "GLSA-200608-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml"
},
{
"name": "27871",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27871"
},
{
"name": "USN-334-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-334-1"
},
{
"name": "19427",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19427"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2007-034",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/cms/node/2376"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt"
},
{
"name": "SUSE-SR:2006:020",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_20_sr.html"
},
{
"name": "VU#401660",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/401660"
},
{
"name": "GLSA-200608-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200608-21.xml"
},
{
"name": "21461",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21461"
},
{
"name": "21467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21467"
},
{
"name": "27872",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27872"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt"
},
{
"name": "DSA-1146",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1146"
},
{
"name": "21436",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21436"
},
{
"name": "ADV-2006-3225",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3225"
},
{
"name": "21527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21527"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pdc.kth.se/heimdal/advisory/2006-08-08/"
},
{
"name": "20060808 MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/442599/100/0/threaded"
},
{
"name": "23707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23707"
},
{
"name": "21439",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21439"
},
{
"name": "21402",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21402"
},
{
"name": "20060816 UPDATED: MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/443498/100/100/threaded"
},
{
"name": "21613",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21613"
},
{
"name": "1016664",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016664"
},
{
"name": "GLSA-200608-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml"
},
{
"name": "27871",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27871"
},
{
"name": "USN-334-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-334-1"
},
{
"name": "19427",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19427"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2007-034",
"refsource": "FEDORA",
"url": "http://fedoranews.org/cms/node/2376"
},
{
"name": "http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt"
},
{
"name": "SUSE-SR:2006:020",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_20_sr.html"
},
{
"name": "VU#401660",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/401660"
},
{
"name": "GLSA-200608-21",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200608-21.xml"
},
{
"name": "21461",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21461"
},
{
"name": "21467",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21467"
},
{
"name": "27872",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27872"
},
{
"name": "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt",
"refsource": "CONFIRM",
"url": "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt"
},
{
"name": "DSA-1146",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1146"
},
{
"name": "21436",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21436"
},
{
"name": "ADV-2006-3225",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3225"
},
{
"name": "21527",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21527"
},
{
"name": "http://www.pdc.kth.se/heimdal/advisory/2006-08-08/",
"refsource": "CONFIRM",
"url": "http://www.pdc.kth.se/heimdal/advisory/2006-08-08/"
},
{
"name": "20060808 MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442599/100/0/threaded"
},
{
"name": "23707",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23707"
},
{
"name": "21439",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21439"
},
{
"name": "21402",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21402"
},
{
"name": "20060816 UPDATED: MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443498/100/100/threaded"
},
{
"name": "21613",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21613"
},
{
"name": "1016664",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016664"
},
{
"name": "GLSA-200608-15",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml"
},
{
"name": "27871",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27871"
},
{
"name": "USN-334-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-334-1"
},
{
"name": "19427",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19427"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3084",
"datePublished": "2006-08-09T10:00:00",
"dateReserved": "2006-06-19T00:00:00",
"dateUpdated": "2024-08-07T18:16:05.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-5939
Vulnerability from cvelistv5
Published
2007-12-06 15:00
Modified
2024-08-07 15:47
Severity ?
EPSS score ?
Summary
The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username. NOTE: the vulnerability was originally reported for ftpd.c, but this is incorrect.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1019057 | vdb-entry, x_refsource_SECTRACK | |
| http://osvdb.org/44750 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/26758 | vdb-entry, x_refsource_BID | |
| http://bugs.gentoo.org/show_bug.cgi?id=199207 | x_refsource_CONFIRM | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2007:239 | vendor-advisory, x_refsource_MANDRIVA | |
| http://marc.info/?l=full-disclosure&m=119704362903699&w=2 | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:47:00.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1019057",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019057"
},
{
"name": "44750",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/44750"
},
{
"name": "26758",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26758"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=199207"
},
{
"name": "MDKSA-2007:239",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:239"
},
{
"name": "20071207 Heimdal ftpd uninitialized vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=119704362903699\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username. NOTE: the vulnerability was originally reported for ftpd.c, but this is incorrect."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-12-12T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1019057",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019057"
},
{
"name": "44750",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/44750"
},
{
"name": "26758",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26758"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=199207"
},
{
"name": "MDKSA-2007:239",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:239"
},
{
"name": "20071207 Heimdal ftpd uninitialized vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=119704362903699\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username. NOTE: the vulnerability was originally reported for ftpd.c, but this is incorrect."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1019057",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019057"
},
{
"name": "44750",
"refsource": "OSVDB",
"url": "http://osvdb.org/44750"
},
{
"name": "26758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26758"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=199207",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=199207"
},
{
"name": "MDKSA-2007:239",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:239"
},
{
"name": "20071207 Heimdal ftpd uninitialized vulnerability",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=119704362903699\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5939",
"datePublished": "2007-12-06T15:00:00",
"dateReserved": "2007-11-13T00:00:00",
"dateUpdated": "2024-08-07T15:47:00.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-41916
Vulnerability from cvelistv5
Published
2022-11-15 00:00
Modified
2025-04-23 16:37
Severity ?
EPSS score ?
Summary
Read one byte past a buffer when normalizing Unicode
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:56:38.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx"
},
{
"name": "DSA-5287",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5287"
},
{
"name": "[debian-lts-announce] 20221126 [SECURITY] [DLA 3206-1] heimdal security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230216-0008/"
},
{
"name": "GLSA-202310-06",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202310-06"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-41916",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:54:33.510262Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:37:26.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "heimdal",
"vendor": "heimdal",
"versions": [
{
"status": "affected",
"version": "\u003c 7.7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal\u0027s PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal\u0027s libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193: Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-08T08:06:36.676Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx"
},
{
"name": "DSA-5287",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5287"
},
{
"name": "[debian-lts-announce] 20221126 [SECURITY] [DLA 3206-1] heimdal security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230216-0008/"
},
{
"name": "GLSA-202310-06",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202310-06"
}
],
"source": {
"advisory": "GHSA-mgqr-gvh6-23cx",
"discovery": "UNKNOWN"
},
"title": "Read one byte past a buffer when normalizing Unicode"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-41916",
"datePublished": "2022-11-15T00:00:00.000Z",
"dateReserved": "2022-09-30T00:00:00.000Z",
"dateUpdated": "2025-04-23T16:37:26.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3083
Vulnerability from cvelistv5
Published
2006-08-09 10:00
Modified
2024-08-07 18:16
Severity ?
EPSS score ?
Summary
The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:16:05.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDKSA-2006:139",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:139"
},
{
"name": "VU#580124",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/580124"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-211.htm"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt"
},
{
"name": "27869",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27869"
},
{
"name": "21847",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21847"
},
{
"name": "SUSE-SR:2006:020",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_20_sr.html"
},
{
"name": "GLSA-200608-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200608-21.xml"
},
{
"name": "21461",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21461"
},
{
"name": "21467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21467"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt"
},
{
"name": "DSA-1146",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1146"
},
{
"name": "RHSA-2006:0612",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0612.html"
},
{
"name": "21436",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21436"
},
{
"name": "ADV-2006-3225",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3225"
},
{
"name": "21527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21527"
},
{
"name": "27870",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27870"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pdc.kth.se/heimdal/advisory/2006-08-08/"
},
{
"name": "20060808 MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/442599/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:9515",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9515"
},
{
"name": "21439",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21439"
},
{
"name": "21402",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21402"
},
{
"name": "20060816 UPDATED: MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/443498/100/100/threaded"
},
{
"name": "21613",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21613"
},
{
"name": "SUSE-SR:2006:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_22_sr.html"
},
{
"name": "1016664",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016664"
},
{
"name": "21441",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21441"
},
{
"name": "22291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22291"
},
{
"name": "21456",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21456"
},
{
"name": "GLSA-200608-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml"
},
{
"name": "21423",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21423"
},
{
"name": "USN-334-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-334-1"
},
{
"name": "19427",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19427"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDKSA-2006:139",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:139"
},
{
"name": "VU#580124",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/580124"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-211.htm"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt"
},
{
"name": "27869",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27869"
},
{
"name": "21847",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21847"
},
{
"name": "SUSE-SR:2006:020",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_20_sr.html"
},
{
"name": "GLSA-200608-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200608-21.xml"
},
{
"name": "21461",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21461"
},
{
"name": "21467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21467"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt"
},
{
"name": "DSA-1146",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1146"
},
{
"name": "RHSA-2006:0612",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0612.html"
},
{
"name": "21436",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21436"
},
{
"name": "ADV-2006-3225",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3225"
},
{
"name": "21527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21527"
},
{
"name": "27870",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27870"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pdc.kth.se/heimdal/advisory/2006-08-08/"
},
{
"name": "20060808 MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/442599/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:9515",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9515"
},
{
"name": "21439",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21439"
},
{
"name": "21402",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21402"
},
{
"name": "20060816 UPDATED: MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/443498/100/100/threaded"
},
{
"name": "21613",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21613"
},
{
"name": "SUSE-SR:2006:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_22_sr.html"
},
{
"name": "1016664",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016664"
},
{
"name": "21441",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21441"
},
{
"name": "22291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22291"
},
{
"name": "21456",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21456"
},
{
"name": "GLSA-200608-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml"
},
{
"name": "21423",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21423"
},
{
"name": "USN-334-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-334-1"
},
{
"name": "19427",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19427"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDKSA-2006:139",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:139"
},
{
"name": "VU#580124",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/580124"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-211.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-211.htm"
},
{
"name": "http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt"
},
{
"name": "27869",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27869"
},
{
"name": "21847",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21847"
},
{
"name": "SUSE-SR:2006:020",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_20_sr.html"
},
{
"name": "GLSA-200608-21",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200608-21.xml"
},
{
"name": "21461",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21461"
},
{
"name": "21467",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21467"
},
{
"name": "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt",
"refsource": "CONFIRM",
"url": "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt"
},
{
"name": "DSA-1146",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1146"
},
{
"name": "RHSA-2006:0612",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0612.html"
},
{
"name": "21436",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21436"
},
{
"name": "ADV-2006-3225",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3225"
},
{
"name": "21527",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21527"
},
{
"name": "27870",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27870"
},
{
"name": "http://www.pdc.kth.se/heimdal/advisory/2006-08-08/",
"refsource": "CONFIRM",
"url": "http://www.pdc.kth.se/heimdal/advisory/2006-08-08/"
},
{
"name": "20060808 MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442599/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:9515",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9515"
},
{
"name": "21439",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21439"
},
{
"name": "21402",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21402"
},
{
"name": "20060816 UPDATED: MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443498/100/100/threaded"
},
{
"name": "21613",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21613"
},
{
"name": "SUSE-SR:2006:022",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_22_sr.html"
},
{
"name": "1016664",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016664"
},
{
"name": "21441",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21441"
},
{
"name": "22291",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22291"
},
{
"name": "21456",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21456"
},
{
"name": "GLSA-200608-15",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml"
},
{
"name": "21423",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21423"
},
{
"name": "USN-334-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-334-1"
},
{
"name": "19427",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19427"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3083",
"datePublished": "2006-08-09T10:00:00",
"dateReserved": "2006-06-19T00:00:00",
"dateUpdated": "2024-08-07T18:16:05.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-200505-0162
Vulnerability from variot
Heap-based buffer overflow in the env_opt_add function in telnet.c for various BSD-based Telnet clients allows remote attackers to execute arbitrary code via responses that contain a large number of characters that require escaping, which consumers more memory than allocated. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. The gzip program contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code or create a denial-of-service condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Included with many products telnet Clients env_opt_add() There is a vulnerability that causes a buffer overflow when certain input data including escape characters is processed due to improper bounds checking in the function.Configured by a third party telnet Guided or crafted the target user to log in to the server Web By displaying the page, arbitrary code may be executed with the user's authority. Multiple vendors' Telnet client applications are reported prone to a remote buffer-overflow vulnerability. This vulnerability reportedly occurs in the 'env_opt_add()' function in the 'telnet.c' source file, which is apparently common source for all the affected vendors.
Want to work within IT-Security?
Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit.
Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/
TITLE: gzip Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA21996
VERIFY ADVISORY: http://secunia.com/advisories/21996/
CRITICAL: Moderately critical
IMPACT: DoS, System access
WHERE:
From remote
SOFTWARE: gzip 1.x http://secunia.com/product/4220/
DESCRIPTION: Tavis Ormandy has reported some vulnerabilities in gzip, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
1) A boundary error within the "make_table()" function in unlzh.c can be used to modify certain stack data. tricking a user or automated system into unpacking a specially crafted archive file. tricking a user or automated system into unpacking a specially crafted "pack" archive file.
3) A buffer overflow within the "make_table()" function of gzip's LZH support can be exploited to cause a DoS and potentially to compromise a vulnerable system by e.g. tricking a user or automated system into unpacking an archive containing a specially crafted decoding table.
4) A NULL pointer dereference within the "huft_build()" function and an infinite loop within the LZH handling can be exploited to cause a DoS by e.g. tricking a user or automated system into unpacking a specially crafted archive file.
The vulnerabilities have been reported in version 1.3.5. Other versions may also be affected.
SOLUTION: Do not unpack untrusted archive files.
PROVIDED AND/OR DISCOVERED BY: Tavis Ormandy, Google Security Team
ORIGINAL ADVISORY: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676
OTHER REFERENCES: US-CERT VU#554780: http://www.kb.cert.org/vuls/id/554780
US-CERT VU#381508: http://www.kb.cert.org/vuls/id/381508
US-CERT VU#773548: http://www.kb.cert.org/vuls/id/773548
US-CERT VU#933712: http://www.kb.cert.org/vuls/id/933712
US-CERT VU#596848 http://www.kb.cert.org/vuls/id/596848
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. BACKGROUND
The TELNET protocol allows virtual network terminals to be connected to over the internet. The initial description of the telnet protocol was given in RFC854 in May 1983. Since then there have been many extra features added including encryption.
II.
The vulnerability specifically exists in the env_opt_add() function of telnet.c. A buffer of a fixed size (256 bytes) is allocated to store the result of the processing this function performs on network input. If this buffer is not large enough to contain the string, the buffer is expanded by a further 256 bytes. This size is sufficient for most well formed input, as the buffer passed as input to the affected function is limited to the same size. However, due to the way the telnet protocol escapes certain characters, it is possible to increase the length of the output by including a large run of characters which need escaping. This can allow the 256 byte input buffer to expand to a maximum of 512 bytes in the allocated storage buffer. If, after expanding the buffer by 256 bytes, the buffer is still not large enough to contain the input, a heap based buffer overflow occurs, which is exploitable on at least some affected platforms.
III. It may be possible to automatically launch the telnet command from a webpage, for example: