CVE-2006-3083

Name: CVE-2006-3083
Creator: NVD / NIST
Published: 2006-08-09T10:04:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.51%

Last modified Jun 16, 2026

CVE-2006-3083 is a vulnerability of currently unknown severity. The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.. EPSS estimates a 0.51% chance of exploitation in the next 30 days.

Description

The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.

Metrics

EPSS Probability

0.51%

39.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-399

Affected Software

Vendor	Product	Versions
Heimdal	Heimdal	0.7.2
Mit	Kerberos 5	1.4
Mit	Kerberos 5	1.4.1
Mit	Kerberos 5	1.4.2
Mit	Kerberos 5	1.4.3
Mit	Kerberos 5	1.5

References

ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt
http://secunia.com/advisories/21402Vendor Advisory
http://secunia.com/advisories/21423Vendor Advisory
http://secunia.com/advisories/21436Vendor Advisory
http://secunia.com/advisories/21439Vendor Advisory
http://secunia.com/advisories/21441Vendor Advisory
http://secunia.com/advisories/21456Vendor Advisory
http://secunia.com/advisories/21461Vendor Advisory
http://secunia.com/advisories/21467Vendor Advisory
http://secunia.com/advisories/21527Vendor Advisory
http://secunia.com/advisories/21613Vendor Advisory
http://secunia.com/advisories/21847Vendor Advisory
http://secunia.com/advisories/22291Vendor Advisory
http://security.gentoo.org/glsa/glsa-200608-21.xml
http://securitytracker.com/id?1016664
http://support.avaya.com/elmodocs2/security/ASA-2006-211.htm
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txtPatch, Vendor Advisory
http://www.debian.org/security/2006/dsa-1146
http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml
http://www.kb.cert.org/vuls/id/580124Patch, US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2006:139
http://www.novell.com/linux/security/advisories/2006_20_sr.html
http://www.novell.com/linux/security/advisories/2006_22_sr.html
http://www.osvdb.org/27869
http://www.osvdb.org/27870
http://www.pdc.kth.se/heimdal/advisory/2006-08-08/
http://www.redhat.com/support/errata/RHSA-2006-0612.htmlPatch, Vendor Advisory
http://www.securityfocus.com/archive/1/442599/100/0/threaded
http://www.securityfocus.com/archive/1/443498/100/100/threaded
http://www.securityfocus.com/bid/19427
http://www.ubuntu.com/usn/usn-334-1
http://www.vupen.com/english/advisories/2006/3225Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9515
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt
http://secunia.com/advisories/21402Vendor Advisory
http://secunia.com/advisories/21423Vendor Advisory
http://secunia.com/advisories/21436Vendor Advisory
http://secunia.com/advisories/21439Vendor Advisory
http://secunia.com/advisories/21441Vendor Advisory
http://secunia.com/advisories/21456Vendor Advisory
http://secunia.com/advisories/21461Vendor Advisory
http://secunia.com/advisories/21467Vendor Advisory
http://secunia.com/advisories/21527Vendor Advisory
http://secunia.com/advisories/21613Vendor Advisory
http://secunia.com/advisories/21847Vendor Advisory
http://secunia.com/advisories/22291Vendor Advisory
http://security.gentoo.org/glsa/glsa-200608-21.xml
http://securitytracker.com/id?1016664
http://support.avaya.com/elmodocs2/security/ASA-2006-211.htm
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txtPatch, Vendor Advisory
http://www.debian.org/security/2006/dsa-1146
http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml
http://www.kb.cert.org/vuls/id/580124Patch, US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2006:139
http://www.novell.com/linux/security/advisories/2006_20_sr.html
http://www.novell.com/linux/security/advisories/2006_22_sr.html
http://www.osvdb.org/27869
http://www.osvdb.org/27870
http://www.pdc.kth.se/heimdal/advisory/2006-08-08/
http://www.redhat.com/support/errata/RHSA-2006-0612.htmlPatch, Vendor Advisory
http://www.securityfocus.com/archive/1/442599/100/0/threaded
http://www.securityfocus.com/archive/1/443498/100/100/threaded
http://www.securityfocus.com/bid/19427
http://www.ubuntu.com/usn/usn-334-1
http://www.vupen.com/english/advisories/2006/3225Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9515

Timeline

Published: Aug 9, 2006
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2006-3083?

How severe is CVE-2006-3083?

Severity scoring for CVE-2006-3083 is pending analysis. The EPSS model estimates a 0.51% probability of exploitation in the next 30 days.

How do I fix CVE-2006-3083?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-3083?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST