Test ID:	1.3.6.1.4.1.25623.1.1.12.2006.334.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-334-1)
Summary:	The remote host is missing an update for the 'krb5' package(s) announced via the USN-334-1 advisory.
Description:	Summary: The remote host is missing an update for the 'krb5' package(s) announced via the USN-334-1 advisory. Vulnerability Insight: Michael Calmer and Marcus Meissner discovered that several krb5 tools did not check the return values from setuid() system calls. On systems that have configured user process limits, it may be possible for an attacker to cause setuid() to fail via resource starvation. In that situation, the tools will not reduce their privilege levels, and will continue operation as the root user. By default, Ubuntu does not ship with user process limits. Please note that these packages are not officially supported by Ubuntu (they are in the 'universe' component of the archive). Affected Software/OS: 'krb5' package(s) on Ubuntu 5.04, Ubuntu 5.10, Ubuntu 6.06. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-3083 BugTraq ID: 19427 http://www.securityfocus.com/bid/19427 Bugtraq: 20060808 MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/442599/100/0/threaded Bugtraq: 20060816 UPDATED: MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/443498/100/100/threaded CERT/CC vulnerability note: VU#580124 http://www.kb.cert.org/vuls/id/580124 Debian Security Information: DSA-1146 (Google Search) http://www.debian.org/security/2006/dsa-1146 http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml http://security.gentoo.org/glsa/glsa-200608-21.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:139 http://www.osvdb.org/27869 http://www.osvdb.org/27870 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9515 http://www.redhat.com/support/errata/RHSA-2006-0612.html http://securitytracker.com/id?1016664 http://secunia.com/advisories/21402 http://secunia.com/advisories/21423 http://secunia.com/advisories/21436 http://secunia.com/advisories/21439 http://secunia.com/advisories/21441 http://secunia.com/advisories/21456 http://secunia.com/advisories/21461 http://secunia.com/advisories/21467 http://secunia.com/advisories/21527 http://secunia.com/advisories/21613 http://secunia.com/advisories/21847 http://secunia.com/advisories/22291 SuSE Security Announcement: SUSE-SR:2006:020 (Google Search) http://www.novell.com/linux/security/advisories/2006_20_sr.html SuSE Security Announcement: SUSE-SR:2006:022 (Google Search) http://www.novell.com/linux/security/advisories/2006_22_sr.html http://www.ubuntu.com/usn/usn-334-1 http://www.vupen.com/english/advisories/2006/3225 Common Vulnerability Exposure (CVE) ID: CVE-2006-3084 CERT/CC vulnerability note: VU#401660 http://www.kb.cert.org/vuls/id/401660 http://fedoranews.org/cms/node/2376 http://www.osvdb.org/27871 http://www.osvdb.org/27872 http://secunia.com/advisories/23707
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.