CVE-2007-3149

Severity

72%

Complexity

39%

Confidentiality

165%

sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. NOTE: another researcher disputes this vulnerability, stating that the attacker must be "a user, who can already log into your system, and can already use sudo."

sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. NOTE: another researcher disputes this vulnerability, stating that the attacker must be "a user, who can already log into your system, and can already use sudo."

CVSS 2.0 Base Score 7.2. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C).

Overview

First reported 17 years ago

2007-06-11 18:30:00

Last updated 5 years ago

2020-01-21 15:44:00

Affected Software

Mit Kerberos 5 -

References

26540

20070607 Sudo: local root compromise with krb5 enabled

20070607 MIT krb5: makes sudo authentication issue MUCH worse.

20070607 Re: Sudo: local root compromise with krb5 enabled

24368

http://www.sudo.ws/cgi-bin/cvsweb/sudo/auth/kerb5.c

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.