CVE-2007-3149

EPSS 0.05% · P15 Updated Feb 27, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2007-3149

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. NOTE: another researcher disputes this vulnerability, stating that the attacker must be "a user, who can already log into your system, and can already use sudo."

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Todd Miller Sudo本地绕过Kerberos认证漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Sudo是一款许用户以其他用户权限安全地执行命令的程序，广泛使用在Linux和Unix操作系统下。 sudo软件包可能内嵌使用Kerberos 5进行用户认证。如果用户能够正确地认证到sudo的话，sudo认证代码中的错误可能导致本地root用户权限入侵。在对Kerberos服务器认证用户口令时，需要执行两步： 1) 使用用户的口令从KDC(Kerberos服务器)获得凭据，这证明用户输入的口令满足KDC，并对应用程序返回ticket。 2) 使用所返回的凭据请求访问本地服务，并确认KDC对该服务所返回

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2007-3149

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2007-3149

请登录查看更多情报信息。

http://www.sudo.ws/cgi-bin/cvsweb/sudo/auth/kerb5.cx_refsource_CONFIRM
http://www.securityfocus.com/bid/24368vdb-entryx_refsource_BID
http://secunia.com/advisories/26540third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/archive/1/470739/100/0/threadedmailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/470774/100/0/threadedmailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/470752/100/0/threadedmailing-listx_refsource_BUGTRAQ
https://nvd.nist.gov/vuln/detail/CVE-2007-3149

Same Patch Batch · n/a · 2007-06-11 · 50 CVEs total

CVE-2006-3974		3Com OfficeConnect Secure Router Tk Parameter 跨站脚本攻击漏洞
CVE-2005-4845		sun java_plug-in 配置错误漏洞
CVE-2007-3144		Opera Web Browser Basic Authentication Server 域名欺骗漏洞
CVE-2007-3145		Opera Web Browser Basic Authentication Server 域名欺骗漏洞
CVE-2007-3146		Zen Help Desk 敏感信息泄露漏洞
CVE-2007-3147		雅虎通Webcam Upload ActiveX控件远程缓冲区溢出漏洞
CVE-2007-3148		雅虎通Webcam Viewer ActiveX控件远程缓冲区溢出漏洞
CVE-2007-3143		Opera Web Browser Basic Authentication Server 域名欺骗漏洞
CVE-2005-4841		Outlook Progress Ctl 拒绝服务攻击
CVE-2007-3150		Google Desktop　远程攻击漏洞
CVE-2005-4842		System Monitor Source Properties 拒绝服务攻击漏洞
CVE-2007-3178		Zindizayn Okul Web Sistemi SQL注入漏洞
CVE-2007-3177		Ingate Firewall and SIParator绕过SIP认证漏洞
CVE-2007-3176		Ingate Firewall和SIParator　未明漏洞
CVE-2007-3175		W2B Online Banking　SQL注入漏洞
CVE-2007-3174		W2B Online Banking　auth.w2b　跨站脚本攻击漏洞
CVE-2007-3173		Almnzm　orderid函数远程攻击漏洞
CVE-2007-3172		Uebimiau Webmail　目录遍历漏洞
CVE-2007-3171		Uebimiau Webmail远程攻击漏洞
CVE-2007-3170		Uebimiau Webmail　跨站脚本攻击漏洞

Showing top 20 of 50 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2007-3149

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2007-3149

I. Basic Information for CVE-2007-3149

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2007-3149

III. Intelligence Information for CVE-2007-3149

Same Patch Batch · n/a · 2007-06-11 · 50 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2007-3149

Leave a comment