Executive Summary
| Summary | |
|---|---|
| Title | Heimdal vulnerability |
| Informations | |||
|---|---|---|---|
| Name | USN-247-1 | First vendor Publication | 2006-02-10 |
| Vendor | Ubuntu | Last vendor Modification | 2006-02-10 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:N/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 2.1 | Attack Range | Local |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: heimdal-servers The problem can be corrected by upgrading the affected package to version 0.6.2-3ubuntu0.2 (for Ubuntu 4.10), 0.6.3-7ubuntu1.2 (for Ubuntu 5.04), or 0.6.3-11ubuntu1.1 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: A privilege escalation flaw has been found in the heimdal rsh (remote shell) server. This allowed an authenticated attacker to overwrite arbitrary files and gain ownership of them. Please note that the heimdal-servers package is not officially supported in Ubuntu (it is in the 'universe' component of the archive). However, this affects you if you use a customized version built from the heimdal source package (which is supported). |
Original Source
| Url : http://www.ubuntu.com/usn/USN-247-1 |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-10-10 | Name : SLES9: Security update for heimdal File : nvt/sles9p5018824.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200603-14 (heimdal) File : nvt/glsa_200603_14.nasl |
| 2008-09-04 | Name : FreeBSD Ports: heimdal File : nvt/freebsd_heimdal1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 977-1 (heimdal) File : nvt/deb_977_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 22986 | Heimdal rshd Server Forwarded Credential Overwrite Privilege Escalation |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-977.nasl - Type : ACT_GATHER_INFO |
| 2006-05-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_b62c80c2b81a11dabec500123ffe8333.nasl - Type : ACT_GATHER_INFO |
| 2006-03-18 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200603-14.nasl - Type : ACT_GATHER_INFO |
| 2006-03-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-247-1.nasl - Type : ACT_GATHER_INFO |
| 2006-03-06 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2006_011.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 12:03:16 |
|
