Advisories:rPSA-2006-0150

From rPath Wiki

rPath Security Advisory 2006-0150-2

Published: 2006-08-09

Updated

1. 2006-08-18 Refreshed security patch resolves ksu failure

Products

• rPath Linux 1

Rating

Major

Exposure Level Classification

Local Root Deterministic Privilege Escalation

Updated Versions

• krb5=conary.rpath.com@rpl:1/1.4.1-7.3-1
• krb5-server=conary.rpath.com@rpl:1/1.4.1-7.3-1
• krb5-services=conary.rpath.com@rpl:1/1.4.1-7.3-1
• krb5-test=conary.rpath.com@rpl:1/1.4.1-7.3-1
• krb5-workstation=conary.rpath.com@rpl:1/1.4.1-7.3-1

rPath Issue Tracking System

• RPL-570

References

• CVE-2006-3083
• http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt

Description

Previous versions of the krb5 packages are vulnerable to local

root privilege escalation caused by not checking the return

code from the setuid() function in several utilities. These

vulnerabilities are not exposed in the default configuration on

rPath Linux, but some rPath Linux users may have configured krb5

to expose the vulnerabilities by enabling the kerberos krsh and

kerberos ftp services, or by making the ksu or v4rcp binaries

setuid root. These vulnerabilities have been resolved in the

new versions of the krb5 packages.

18 August 2006 Update: The initial fix for this vulnerability had

a bug which could cause ksu to improperly deny access, but would

not cause it to improperly allow access. The newer versions of

the krb5 packages resolve this bug.

Copyright 2006 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html