CVE-2011-1526

Published: Jul 11, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.

Vendor: n/a

Product: n/a

Versions: n/a (affected)

References

SUSE-SU-2012:0042 (vendor-advisory, x_refsource_SUSE)
SUSE-SU-2012:0018 (vendor-advisory, x_refsource_SUSE)
RHSA-2011:0920 (vendor-advisory, x_refsource_REDHAT)
48101 (third-party-advisory, x_refsource_SECUNIA)
openSUSE-SU-2011:1169 (vendor-advisory, x_refsource_SUSE)
openSUSE-SU-2012:0019 (vendor-advisory, x_refsource_SUSE)
kerberos-krb5appl-priv-esc(68398) (vdb-entry, x_refsource_XF)
SUSE-SU-2012:0050 (vendor-advisory, x_refsource_SUSE)
45145 (third-party-advisory, x_refsource_SECUNIA)
openSUSE-SU-2012:0051 (vendor-advisory, x_refsource_SUSE)
SUSE-SU-2012:0010 (vendor-advisory, x_refsource_SUSE)
45157 (third-party-advisory, x_refsource_SECUNIA)
8301 (third-party-advisory, x_refsource_SREASON)
MDVSA-2011:117 (vendor-advisory, x_refsource_MANDRIVA)
FEDORA-2011-9109 (vendor-advisory, x_refsource_FEDORA)
48571 (vdb-entry, x_refsource_BID)
73617 (vdb-entry, x_refsource_OSVDB)
DSA-2283 (vendor-advisory, x_refsource_DEBIAN)
FEDORA-2011-9080 (vendor-advisory, x_refsource_FEDORA)
