MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities

Tom Yu tlyu at MIT.EDU
Tue Aug 15 22:09:10 EDT 2006

>>>>> "Tom" == Tom Yu <tlyu at MIT.EDU> writes:

Tom> This sounds like a bug in the patch.  Try moving the krb5_seteuid(0)
Tom> call to before the if-statement (so its return value gets
Tom> ignored... this is safe for seteuid(0) but not for seteuid(not_zero)).
Tom> I think the krb5_seteuid(0) call is to change back to UID 0 if that is
Tom> required (on some systems) for changing back to the original target
Tom> UID.

This is now ticket #4137 in our bug database; the fix will appear in


More information about the krbdev mailing list