MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities
Tom Yu
tlyu at MIT.EDU
Tue Aug 15 22:09:10 EDT 2006
>>>>> "Tom" == Tom Yu <tlyu at MIT.EDU> writes:
Tom> This sounds like a bug in the patch. Try moving the krb5_seteuid(0)
Tom> call to before the if-statement (so its return value gets
Tom> ignored... this is safe for seteuid(0) but not for seteuid(not_zero)).
Tom> I think the krb5_seteuid(0) call is to change back to UID 0 if that is
Tom> required (on some systems) for changing back to the original target
Tom> UID.
This is now ticket #4137 in our bug database; the fix will appear in
krb5-1.5.1.
---Tom
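The ordering described in the quoted reply, as an added C example that is not the krb5 patch or any project code: the attempt to return to UID 0 is best-effort and its result is ignored, while the switch to the target UID is checked and verified. It uses plain POSIX `seteuid()` rather than `krb5_seteuid()`, and the helper name `switch_euid` is hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Hypothetical helper (not from krb5): switch the effective UID to `target`.
 * Returns 0 on success, -1 if the switch did not take effect.
 */
int switch_euid(uid_t target)
{
    /* Best effort: some systems only allow changing to another UID while
     * the effective UID is 0. If this call fails, the process simply stays
     * at its current effective UID, so the result is deliberately ignored. */
    int ignored = seteuid(0);
    (void)ignored;

    /* This result must be checked: if the call above succeeded and this
     * one fails, the process would keep running with effective UID 0. */
    if (seteuid(target) != 0) {
        fprintf(stderr, "seteuid(%ld): %s\n", (long)target, strerror(errno));
        return -1;
    }

    /* Confirm the outcome instead of trusting the return value alone. */
    if (geteuid() != target)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed demonstration: re-assert the current effective UID,
     * which works whether or not the process is privileged. */
    uid_t original = geteuid();

    if (switch_euid(original) != 0)
        return 1; /* fail closed rather than continue with the wrong UID */
    printf("effective UID is %ld\n", (long)geteuid());
    return 0;
}
```

A caller should treat a -1 return as fatal and stop, not continue the operation under whatever effective UID is left.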