CVE-2007-3149 - OpenCVE

sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. NOTE: another researcher disputes this vulnerability, stating that the attacker must be "a user, who can already log into your system, and can already use sudo."

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Mit	Kerberos 5
Todd Miller	Sudo

Configuration 1 [-]

OR	cpe:2.3:a:mit:kerberos_5:-:::::::*
	cpe:2.3:a:todd_miller:sudo:1.6.8_p12:::::::*

References

Link	Resource
http://secunia.com/advisories/26540
http://www.securityfocus.com/archive/1/470739/100/0/threaded
http://www.securityfocus.com/archive/1/470752/100/0/threaded
http://www.securityfocus.com/archive/1/470774/100/0/threaded
http://www.securityfocus.com/bid/24368
http://www.sudo.ws/cgi-bin/cvsweb/sudo/auth/kerb5.c

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-06-11T18:00:00

Updated: 2018-10-16T14:57:01

Reserved: 2007-06-11T00:00:00

Link: CVE-2007-3149

JSON object: View

NVD Information

Status : Modified

Published: 2007-06-11T18:30:00.000

Modified: 2020-01-21T15:44:36.617

Link: CVE-2007-3149

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-06-07T00:00:00", "descriptions": [{"lang": "en", "value": "sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. NOTE: another researcher disputes this vulnerability, stating that the attacker must be \"a user, who can already log into your system, and can already use sudo.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "24368", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24368"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.sudo.ws/cgi-bin/cvsweb/sudo/auth/kerb5.c"}, {"name": "20070607 MIT krb5: makes sudo authentication issue MUCH worse.", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/470752/100/0/threaded"}, {"name": "20070607 Sudo: local root compromise with krb5 enabled", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/470739/100/0/threaded"}, {"name": "26540", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26540"}, {"name": "20070607 Re: Sudo: local root compromise with krb5 enabled", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/470774/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3149", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. NOTE: another researcher disputes this vulnerability, stating that the attacker must be \"a user, who can already log into your system, and can already use sudo.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "24368", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24368"}, {"name": "http://www.sudo.ws/cgi-bin/cvsweb/sudo/auth/kerb5.c", "refsource": "CONFIRM", "url": "http://www.sudo.ws/cgi-bin/cvsweb/sudo/auth/kerb5.c"}, {"name": "20070607 MIT krb5: makes sudo authentication issue MUCH worse.", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/470752/100/0/threaded"}, {"name": "20070607 Sudo: local root compromise with krb5 enabled", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/470739/100/0/threaded"}, {"name": "26540", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26540"}, {"name": "20070607 Re: Sudo: local root compromise with krb5 enabled", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/470774/100/0/threaded"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3149", "datePublished": "2007-06-11T18:00:00", "dateReserved": "2007-06-11T00:00:00", "dateUpdated": "2018-10-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mit:kerberos_5:-:*:*:*:*:*:*:*", "matchCriteriaId": "589D7E39-A243-49F9-8F67-4B9E92AE87DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p12:*:*:*:*:*:*:*", "matchCriteriaId": "31B2C299-5D0B-44DA-91FD-4B1146BE9A7B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. NOTE: another researcher disputes this vulnerability, stating that the attacker must be \"a user, who can already log into your system, and can already use sudo.\""}, {"lang": "es", "value": "sudo, cuando est\u00e1 enlazado con MIT Kerberos 5 (krb5), no comprueba correctamente si un usuario pueda validar actualmente a Kerberos, lo cual permite a usuarios locales ganar privilegios, de una forma involuntario por el modelo de seguridad de sudo, a rtav\u00e9s de ciertas variables de configuraci\u00f3n KRB5_ environment. NOTA: Otro investigados cuestiona esta vulnerabilidad, bas\u00e1ndose en que el atacante debe ser \u201cun usuario, que puede registrarse en tu sistema, y puede utilizar sudo.\u201d"}], "id": "CVE-2007-3149", "lastModified": "2020-01-21T15:44:36.617", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-06-11T18:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/26540"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/470739/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/470752/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/470774/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24368"}, {"source": "cve@mitre.org", "url": "http://www.sudo.ws/cgi-bin/cvsweb/sudo/auth/kerb5.c"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Not vulnerable. Versions of sudo package shipped with Red Hat Enterprise Linux versions 2.1, 3, 4 and 5 are linked with PAM support and never use libkrb5 authentication.\n", "lastModified": "2007-06-11T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}