OSVDB ID: 27870 Title: MIT Kerberos 5 v4rcp setuid() Local Privilege Escalation |
Info |
|
|
Dates |
||||
|
|
Description |
MIT Kerberos 5 contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the setuid() call fails in the v4rcp program. This flaw may lead to a loss of confidentiality and/or integrity. |
Classification |
Location:
Local Access Required
Attack Type: Information Disclosure, Input Manipulation Impact: Loss of Confidentiality, Loss of Integrity Exploit: Exploit Unknown Disclosure: OSVDB Verified |
Solution |
Upgrade to version 1.4.4, 1.5.1 or higher, as it has been reported to fix this vulnerability. Additionally, the vendor has released a patch to address this issue, or users may opt to apply the following workaround: Disable the affected program by removing the SUID bit |
Products |
|
Credit |
|
suse.de -