Vulnerabilities > CVE-2006-0582 - Unspecified vulnerability in KTH Heimdal
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN kth
nessus
Summary
Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2, when storing forwarded credentials, allows attackers to overwrite arbitrary files and change file ownership via unknown vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 9 |
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_B62C80C2B81A11DABEC500123FFE8333.NASL description A Project heimdal Security Advisory reports : The telnet client program in Heimdal has buffer overflows in the functions slc_add_reply() and env_opt_add(), which may lead to remote code execution. The telnetd server program in Heimdal has buffer overflows in the function getterminaltype, which may lead to remote code execution. The rshd server in Heimdal has a privilege escalation bug when storing forwarded credentials. The code allowes a user to overwrite a file with its credential cache, and get ownership of the file. last seen 2020-06-01 modified 2020-06-02 plugin id 21499 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21499 title FreeBSD : heimdal -- Multiple vulnerabilities (b62c80c2-b81a-11da-bec5-00123ffe8333) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200603-14.NASL description The remote host is affected by the vulnerability described in GLSA-200603-14 (Heimdal: rshd privilege escalation) An unspecified privilege escalation vulnerability in the rshd server of Heimdal has been reported. Impact : Authenticated users could exploit the vulnerability to escalate privileges or to change the ownership and content of arbitrary files. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 21095 published 2006-03-18 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21095 title GLSA-200603-14 : Heimdal: rshd privilege escalation NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-247-1.NASL description A privilege escalation flaw has been found in the heimdal rsh (remote shell) server. This allowed an authenticated attacker to overwrite arbitrary files and gain ownership of them. Please note that the heimdal-servers package is not officially supported in Ubuntu (it is in the last seen 2020-06-01 modified 2020-06-02 plugin id 21055 published 2006-03-13 reporter Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21055 title Ubuntu 4.10 / 5.04 / 5.10 : heimdal vulnerability (USN-247-1) NASL family SuSE Local Security Checks NASL id SUSE_SA_2006_011.NASL description The remote host is missing the patch for the advisory SUSE-SA:2006:011 (heimdal). Heimdal is a Kerberos 5 implementation from the Royal Institut of Techno- logy in Stockholm. This update fixes two bugs in heimdal. The first one occurs in the rsh daemon and allows an authenticated malicious user to gain ownership of files that belong to other users (CVE-2006-0582). The second bug affects the telnet server and can be used to crash the server before authentication happens. It is even a denial-of-service attack when the telnetd is started via inetd because inetd stops forking the daemon when it forks too fast (CVE-2006-0677). last seen 2019-10-28 modified 2006-03-06 plugin id 21013 published 2006-03-06 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21013 title SUSE-SA:2006:011: heimdal NASL family Debian Local Security Checks NASL id DEBIAN_DSA-977.NASL description Two vulnerabilities have been discovered in heimdal, a free implementation of Kerberos 5. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2006-0582 Privilege escalation in the rsh server allows an authenticated attacker to overwrite arbitrary files and gain ownership of them. - CVE-2006-0677 A remote attacker could force the telnet server to crash before the user logged in, resulting in inetd turning telnetd off because it forked too fast. The old stable distribution (woody) does not expose rsh and telnet servers. last seen 2020-06-01 modified 2020-06-02 plugin id 22843 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22843 title Debian DSA-977-1 : heimdal - several vulnerabilities
References
- http://secunia.com/advisories/18733
- http://secunia.com/advisories/18733
- http://secunia.com/advisories/18806
- http://secunia.com/advisories/18806
- http://secunia.com/advisories/18894
- http://secunia.com/advisories/18894
- http://secunia.com/advisories/19005
- http://secunia.com/advisories/19005
- http://secunia.com/advisories/19302
- http://secunia.com/advisories/19302
- http://securitytracker.com/id?1015591
- http://securitytracker.com/id?1015591
- http://www.debian.org/security/2006/dsa-977
- http://www.debian.org/security/2006/dsa-977
- http://www.gentoo.org/security/en/glsa/glsa-200603-14.xml
- http://www.gentoo.org/security/en/glsa/glsa-200603-14.xml
- http://www.osvdb.org/22986
- http://www.osvdb.org/22986
- http://www.pdc.kth.se/heimdal/advisory/2006-02-06/
- http://www.pdc.kth.se/heimdal/advisory/2006-02-06/
- http://www.securityfocus.com/archive/1/426043/100/0/threaded
- http://www.securityfocus.com/archive/1/426043/100/0/threaded
- http://www.securityfocus.com/bid/16524
- http://www.securityfocus.com/bid/16524
- http://www.stacken.kth.se/lists/heimdal-discuss/2006-02/msg00028.html
- http://www.stacken.kth.se/lists/heimdal-discuss/2006-02/msg00028.html
- http://www.ubuntu.com/usn/usn-253-1
- http://www.ubuntu.com/usn/usn-253-1
- http://www.vupen.com/english/advisories/2006/0456
- http://www.vupen.com/english/advisories/2006/0456
- http://www.vupen.com/english/advisories/2006/0628
- http://www.vupen.com/english/advisories/2006/0628
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24532
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24532
- https://usn.ubuntu.com/247-1/
- https://usn.ubuntu.com/247-1/