Privilege escalation vulnerabilities in MIT krb5 ftpd and ksu may allow an authenticated attacker to execute arbitrary code.
The MIT krb 5 ftpd and ksu programs contain multiple privilege escalation vulnerabilities.
These vulnerabilities are dependent on the host operating system's implementation of the seteuid() system call and result when seteuid() can fail due to resource exhaustion while changing to an unprivileged user ID. Some implementations of seteuid() do not expose the vulnerability.
An authenticated attacker may be able to execute arbitrary code with root privileges.
UpgradeThe MIT Kerberos team has released an update to address these issues. See the Systems Affected section of this document for information about specific vendors. Users who compile Kerberos from the original source distribution should see MIT krb5 Security Advisory 2006-001 for more details.
Thanks to the MIT Kerberos Team for reporting this issue. The MIT Kerberos Team in turn thanks Michael Calmer and Marcus Meissner at SUSE and Shiva Persaud at IBM for providing information about AIX.
This document was written by Ryan Giobbi.
|Date First Published:||2006-08-15|
|Date Last Updated:||2006-08-16 13:36 UTC|