CVE-2006-3083
krb5 - programming error
EPSS 0.07%
Description
The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.
How to fix CVE-2006-3083
To remediate CVE-2006-3083, upgrade the affected package to a fixed version below.
- Debian/krb5—upgrade to 1.4.3-9 or later
- Debian/krb5—upgrade to 1.3.6-2sarge3 or later
Is CVE-2006-3083 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.4.3-9
- from 0, < 1.3.6-2sarge3