PublicDate: 2006-08-09 10:04:00 UTC
Candidate: CVE-2006-3084
References:
 https://ubuntu.com/security/notices/USN-334-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3084
Description:
 The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5,
 and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check
 return codes for setuid calls, which might allow local users to gain
 privileges by causing setuid to fail to drop privileges.  NOTE: as of
 20060808, it is not known whether an exploitable attack scenario exists for
 these issues.
Ubuntu-Description:
Notes:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:

Bugs:
dapper_krb5: released (1.4.3-5ubuntu0.6)
edgy_krb5: released (1.4.3-9ubuntu1.5)
feisty_krb5: released (1.4.4-5ubuntu3.3)
devel_krb5: released (1.6.dfsg.1-7)
upstream_krb5: needs-triage