CVE-2006-3084
https://notcve.org/view.php?id=CVE-2006-3084
The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues. Los programas (1) ftpd y (2) ksu en MIT Kerberos 5 (krb5) actualizado a 1.5, y 1.4.X anterior a 1.4.4, no valida el código de retorno para las llamadas setuid, lo cual permite a un usuario local ganar privilegios provocando fallos del setuid para subir privilegios. NOTA: con en 20060808, no se conoce si existe un panorama explotable para estas ediciones. • ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt http://fedoranews.org/cms/node/2376 http://secunia.com/advisories/21402 http://secunia.com/advisories/21436 http://secunia.com/advisories/21439 http://secunia.com/advisories/21461 http://secunia.com/advisories/21467 http://secunia.com/advisories/21527 http://secunia.com/advisories/21613 http://secunia.com/advisories/23707 http://security.gentoo.org/glsa/glsa-200608-21.xml http://securitytracker.c • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2005-1689
https://notcve.org/view.php?id=CVE-2005-1689
Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions. Vulnerabilidad de doble liberación de memoria en la función krb5_recvauth en MIT Kerberos 5 (krb5) 1.4.1 y anteriores permite que atacantes remotos ejecuten código arbitrario mediante ciertas condiciones de error. • ftp://patches.sgi.com/support/free/security/advisories/20050703-01-U.asc http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000993 http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://marc.info/?l=bugtraq&m=112119974704542&w=2 http://secunia.com/advisories/16041 http://secunia.com/advisories/17135 http://secunia.com/advisories/17899 http://secunia.com/advisories/22090 • CWE-415: Double Free •
CVE-2005-1174
https://notcve.org/view.php?id=CVE-2005-1174
MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory. MIT Kerberos 5 (krb5) 1.3 hasta la 1.4.1 Key Distribution Center (KDC) permite que atacantes remotos causen una denegación de servicio (caída de la aplicación) mediante ciertas conexiones válidas de TCP que provocan la liberación de memoria no reservada. • ftp://patches.sgi.com/support/free/security/advisories/20050703-01-U.asc http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://marc.info/?l=bugtraq&m=112122123211974&w=2 http://secunia.com/advisories/16041 http://secunia.com/advisories/17899 http://secunia.com/advisories/20364 http://securitytracker.com/id?1014460 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101809- •
CVE-2005-1175
https://notcve.org/view.php?id=CVE-2005-1175
Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain valid TCP or UDP request. Desbordamiento de búfer en MIT Kerberos 5 (krb5) 1.3 hasta la 1.4.1 Key Distribution Center (KDC) permite que atacantes remotos causen una denegación de servicio (caída de la aplicación) y posiblmente ejecuten código arbitrario mediante cierta petición válida TCP o UDP. • ftp://patches.sgi.com/support/free/security/advisories/20050703-01-U.asc http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://marc.info/?l=bugtraq&m=112122123211974&w=2 http://secunia.com/advisories/16041 http://secunia.com/advisories/17135 http://secunia.com/advisories/17899 http://secunia.com/advisories/20364 http://securitytracker.com/id?1014460 http://sunsolve.sun.com/s •
CVE-2005-0488
https://notcve.org/view.php?id=CVE-2005-0488
Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command. • http://idefense.com/application/poi/display?id=260&type=vulnerabilities http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html http://secunia.com/advisories/17135 http://secunia.com/advisories/21253 http://securitytracker.com/id?1014203 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101665-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101671-1 http://sunsolve.sun.com/search/document.do? •