CVE-2007-3149

Summary

CVE	CVE-2007-3149
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2007-06-11 18:30:00 UTC
Updated	2020-01-21 15:44:00 UTC
Description	sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. NOTE: another researcher disputes this vulnerability, stating that the attacker must be "a user, who can already log into your system, and can already use sudo."

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Mit	Kerberos 5	-	All	All	All
Application	Mit	Kerberos 5	-	All	All	All
Application	Todd Miller	Sudo	1.6.8_p12	All	All	All
Application	Todd Miller	Sudo	1.6.8_p12	All	All	All

References

Reference	Source	Link	Tags
SecurityFocus	BUGTRAQ	www.securityfocus.com
CVS log for sudo/auth/kerb5.c	CONFIRM	www.sudo.ws
SecurityFocus	BUGTRAQ	www.securityfocus.com
SecurityFocus	BUGTRAQ	www.securityfocus.com
Sudo Kerberos 5 Security Bypass Vulnerability - Advisories - Secunia	SECUNIA	secunia.com
Todd Miller Sudo Kerberos Authentication Local Authentication Bypass Weakness	BID	www.securityfocus.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Organization	Published	Contributor	Statement
Red Hat	2007-06-11	Mark J Cox	Not vulnerable. Versions of sudo package shipped with Red Hat Enterprise Linux versions 2.1, 3, 4 and 5 are linked with PAM support and never use libkrb5 authentication.

There are currently no legacy QID mappings associated with this CVE.