ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and previous versions does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.
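The failure mode described above, as an added C example (not code from krb5-appl): a group switch whose return value is ignored beside one that fails closed. The names `egid_setter`, `stub_setegid`, `switch_egid_unchecked` and `switch_egid_checked` are hypothetical, and the always-failing stub is an assumption standing in for a build where configure found no usable set*gid() call.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical setter type so a failing fallback can be injected. */
typedef int (*egid_setter)(gid_t);

/* Assumed shape of a fallback on a build with no detected set*gid()
 * call: it changes nothing and always reports failure. */
static int stub_setegid(gid_t gid) { (void)gid; errno = EPERM; return -1; }

/* Flawed pattern: the return value is discarded, so the caller goes on
 * to touch files with whatever effective GID it already had. */
static int switch_egid_unchecked(egid_setter set, gid_t gid)
{
    (void)set(gid);
    return 0;               /* always reports success */
}

/* Hardened pattern: fail closed on error, then confirm the result. */
static int switch_egid_checked(egid_setter set, gid_t gid)
{
    if (set(gid) != 0)
        return -1;          /* caller must refuse to continue */
    if (getegid() != gid)
        return -1;          /* call returned 0 but the GID is wrong */
    return 0;
}

int main(void)
{
    gid_t want = getegid(); /* constructed input: current GID, no root needed */
    printf("unchecked+stub: %d\n", switch_egid_unchecked(stub_setegid, want));
    printf("checked+stub:   %d\n", switch_egid_checked(stub_setegid, want));
    printf("checked+real:   %d\n", switch_egid_checked(setegid, want));
    return 0;
}
```

A caller of the checked variant should end the session or deny the file operation when it returns -1 rather than proceed under the old group identity.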
Vulnerable Product |
---|
mit krb5-appl |
debian debian linux 5.0 |
debian debian linux 6.0 |
fedoraproject fedora 14 |
fedoraproject fedora 15 |
opensuse opensuse 11.3 |
opensuse opensuse 11.4 |
suse linux enterprise desktop 10 |
suse linux enterprise desktop 11 |
suse linux enterprise server 10 |
suse linux enterprise server 11 |
suse linux enterprise software development kit 10 |
suse linux enterprise software development kit 11 |