| author | Tom Yu <tlyu@mit.edu> | 2006-08-08 19:26:40 +0000 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2006-08-08 19:26:40 +0000 |
| commit | 7b141abe9aa72db8c7243d4f0a30b87e59789579 (patch) | |
| tree | 75758af4fbe75e55f3ed8ded57f650014ffd6170 /src/lib/krb4 | |
| parent | 90ce1170a03c1451c1bbe15af6ca1ead326eeb83 (diff) | |
fix MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities
* src/appl/gssftp/ftpd/ftpd.c (getdatasock, passive):
* src/appl/bsd/v4rcp.c (main):
* src/appl/bsd/krcp.c (main):
* src/appl/bsd/krshd.c (doit):
* src/appl/bsd/login.c (main):
* src/clients/ksu/main.c (sweep_up):
* src/lib/krb4/kuserok.c (kuserok): Check return values from
setuid() and related functions to avoid privilege escalation
vulnerabilities. Fixes MITKRB5-SA-2006-001. [CVE-2006-3083,
VU#580124, CVE-2006-3084, VU#401660]
ticket: new
target_version: 1.5.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18420 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb4')
| -rw-r--r-- | src/lib/krb4/kuserok.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/lib/krb4/kuserok.c b/src/lib/krb4/kuserok.c
index 32620db1ae..579128ed38 100644
--- a/src/lib/krb4/kuserok.c
+++ b/src/lib/krb4/kuserok.c
@@ -159,9 +159,11 @@ kuserok(kdata, luser)
 */
 if(getuid() == 0) {
 uid_t old_euid = geteuid();
- seteuid(pwd->pw_uid);
+ if (seteuid(pwd->pw_uid) < 0)
+ return NOTOK;
 fp = fopen(pbuf, "r");
- seteuid(old_euid);
+ if (seteuid(old_euid) < 0)
+ return NOTOK;
 if ((fp) == NULL) {
 return(NOTOK);
 }
|
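Review bot: The second added early return, `if (seteuid(old_euid) < 0) return NOTOK;`, runs after `fp = fopen(pbuf, "r")`, so the stream stays open when the open succeeded but restoring the effective uid failed. Close it before returning, for example `if (seteuid(old_euid) < 0) { if (fp != NULL) fclose(fp); return NOTOK; }`. On that path the process still holds the user's effective uid when kuserok returns, so a comment such as `/* euid could not be restored; callers must not continue privileged work */` would document the state the caller is left in; whether the callers already treat NOTOK that way is not visible here. kuserok's body starts and ends outside the hunk.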
