Heimdal: Multiple local privilege escalation vulnerabilities

Certain Heimdal components, ftpd and rcp, are vulnerable to a local privilege escalation.

Product: Heimdal
Announced: August 23, 2006
Revised: August 23, 2006: 01
Bug: 143371
Access: local
Versions: 0.7.2-r3 0.7.2-r3

Heimdal is a free implementation of Kerberos 5.

The ftpd and rcp applications provided by Heimdal fail to check the return value of calls to seteuid().

A local attacker could exploit this vulnerability to execute arbitrary code with elevated privileges.

There is no known workaround at this time.

All Heimdal users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-crypt/heimdal-0.7.2-r3"

Official advisory
CVE-2006-3083
CVE-2006-3084

koon daxomatic falco