Vulnerabilities > CVE-2006-0582 - Local Privilege Escalation vulnerability in Heimdal RSHD

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
local
low complexity
kth
nessus

Summary

Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2, when storing forwarded credentials, allows attackers to overwrite arbitrary files and change file ownership via unknown vectors.

Nessus

  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_B62C80C2B81A11DABEC500123FFE8333.NASL
    descriptionA Project heimdal Security Advisory reports : The telnet client program in Heimdal has buffer overflows in the functions slc_add_reply() and env_opt_add(), which may lead to remote code execution. The telnetd server program in Heimdal has buffer overflows in the function getterminaltype, which may lead to remote code execution. The rshd server in Heimdal has a privilege escalation bug when storing forwarded credentials. The code allowes a user to overwrite a file with its credential cache, and get ownership of the file.
    last seen2020-06-01
    modified2020-06-02
    plugin id21499
    published2006-05-13
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21499
    titleFreeBSD : heimdal -- Multiple vulnerabilities (b62c80c2-b81a-11da-bec5-00123ffe8333)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200603-14.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200603-14 (Heimdal: rshd privilege escalation) An unspecified privilege escalation vulnerability in the rshd server of Heimdal has been reported. Impact : Authenticated users could exploit the vulnerability to escalate privileges or to change the ownership and content of arbitrary files. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id21095
    published2006-03-18
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21095
    titleGLSA-200603-14 : Heimdal: rshd privilege escalation
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-247-1.NASL
    descriptionA privilege escalation flaw has been found in the heimdal rsh (remote shell) server. This allowed an authenticated attacker to overwrite arbitrary files and gain ownership of them. Please note that the heimdal-servers package is not officially supported in Ubuntu (it is in the
    last seen2020-06-01
    modified2020-06-02
    plugin id21055
    published2006-03-13
    reporterUbuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/21055
    titleUbuntu 4.10 / 5.04 / 5.10 : heimdal vulnerability (USN-247-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SA_2006_011.NASL
    descriptionThe remote host is missing the patch for the advisory SUSE-SA:2006:011 (heimdal). Heimdal is a Kerberos 5 implementation from the Royal Institut of Techno- logy in Stockholm. This update fixes two bugs in heimdal. The first one occurs in the rsh daemon and allows an authenticated malicious user to gain ownership of files that belong to other users (CVE-2006-0582). The second bug affects the telnet server and can be used to crash the server before authentication happens. It is even a denial-of-service attack when the telnetd is started via inetd because inetd stops forking the daemon when it forks too fast (CVE-2006-0677).
    last seen2019-10-28
    modified2006-03-06
    plugin id21013
    published2006-03-06
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/21013
    titleSUSE-SA:2006:011: heimdal
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-977.NASL
    descriptionTwo vulnerabilities have been discovered in heimdal, a free implementation of Kerberos 5. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2006-0582 Privilege escalation in the rsh server allows an authenticated attacker to overwrite arbitrary files and gain ownership of them. - CVE-2006-0677 A remote attacker could force the telnet server to crash before the user logged in, resulting in inetd turning telnetd off because it forked too fast. The old stable distribution (woody) does not expose rsh and telnet servers.
    last seen2020-06-01
    modified2020-06-02
    plugin id22843
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22843
    titleDebian DSA-977-1 : heimdal - several vulnerabilities