MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities

Sachin Punadikar punadikar.sachin at
Wed Aug 16 01:25:30 EDT 2006

I tried code changes suggested by you, and it works fine. Now it is working
as it was working before.
Thanks a lot.

- Sachin.

On 8/16/06, Tom Yu <tlyu at> wrote:
> >>>>> "Tom" == Tom Yu <tlyu at MIT.EDU> writes:
> Tom> This sounds like a bug in the patch.  Try moving the krb5_seteuid(0)
> Tom> call to before the if-statement (so its return value gets
> Tom> ignored... this is safe for seteuid(0) but not for
> seteuid(not_zero)).
> Tom> I think the krb5_seteuid(0) call is to change back to UID 0 if that
> is
> Tom> required (on some systems) for changing back to the original target
> Tom> UID.
> This is now ticket #4137 in our bug database; the fix will appear in
> krb5-1.5.1.
> ---Tom

More information about the krbdev mailing list