CVE-2011-1526

Published: 11/07/2011 Updated: 02/02/2021
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and previous versions does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.
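The unchecked-return pattern named in the summary, next to a fail-closed version, as an added example that is not code from krb5-appl. The function names and the always-failing stub are hypothetical; the stub stands in for a build whose group-switch wrapper cannot change the effective GID.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* declares setegid() under strict -std modes */
#endif
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Signature shared by setegid(2) and the stand-in below. */
typedef int (*setegid_fn)(gid_t);

/* Hypothetical stub (assumption): a group-switch wrapper that cannot do
 * its job in this build and only reports failure. */
static int stub_setegid_fails(gid_t gid)
{
    (void)gid;
    errno = ENOSYS;
    return -1;
}

/* Unchecked pattern: the result is discarded, so the caller keeps running
 * with whatever effective GID it had and still reports success. */
static int enter_user_group_unchecked(setegid_fn set, gid_t user_gid)
{
    (void)set(user_gid);
    return 0;
}

/* Checked pattern: fail closed unless the call succeeded and the process
 * really has the requested effective GID afterwards. */
static int enter_user_group_checked(setegid_fn set, gid_t user_gid)
{
    if (set(user_gid) != 0)
        return -1;
    return getegid() == user_gid ? 0 : -1;
}

int main(void)
{
    gid_t own = getegid();   /* constructed input: needs no privilege */
    printf("unchecked, failing setter: %d\n",
           enter_user_group_unchecked(stub_setegid_fails, own + 1));
    printf("checked, failing setter:   %d\n",
           enter_user_group_checked(stub_setegid_fails, own + 1));
    printf("checked, real setegid:     %d\n",
           enter_user_group_checked(setegid, own));
    return 0;
}
```

A server using the checked form should refuse the session when it returns -1 instead of serving file commands under the group it started with.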

Vulnerable Product

mit krb5-appl

debian debian linux 5.0

debian debian linux 6.0

fedoraproject fedora 14

fedoraproject fedora 15

opensuse opensuse 11.3

opensuse opensuse 11.4

suse linux enterprise desktop 10

suse linux enterprise desktop 11

suse linux enterprise server 10

suse linux enterprise server 11

suse linux enterprise software development kit 10

suse linux enterprise software development kit 11

Vendor Advisories

Synopsis Low: krb5 security and bug fix update Type/Severity Security Advisory: Low Topic Updated krb5 packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnera ...
Debian Bug report logs - #654231 CVE-2011-4862 Package: krb5-telnetd; Maintainer for krb5-telnetd is (unknown); Reported by: Moritz Muehlenhoff <muehlenhoff@univentionde> Date: Mon, 2 Jan 2012 13:48:15 UTC Severity: critical Tags: security Found in version krb5-appl/1:10~alpha1-1 Fixed in versions krb5-appl/1:101-12 ...
Tim Zingelmann discovered that due to an incorrect configure script the kerberised FTP server failed to set the effective GID correctly, resulting in privilege escalation. The oldstable distribution (lenny) is not affected. For the stable distribution (squeeze), this problem has been fixed in version 101-11. For the unstable distribution (sid), thi ...