CVE-2011-1526

ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
mitkrb5-appl
𝑥
< 1.0.1
debiandebian_linux
5.0
debiandebian_linux
6.0
opensuseopensuse
11.3
opensuseopensuse
11.4
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
krb5
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
not-affected
vivid
not-affected
utopic
not-affected
trusty
not-affected
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
hardy
ignored
krb5-appl
zesty
dne
yakkety
dne
xenial
dne
wily
dne
vivid
dne
utopic
dne
trusty
dne
saucy
ignored
raring
ignored
quantal
ignored
precise
ignored
oneiric
ignored
natty
ignored
maverick
ignored
lucid
ignored
hardy
dne
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062681.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062699.html
http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html
http://secunia.com/advisories/45145
http://secunia.com/advisories/45157
http://secunia.com/advisories/48101
http://securityreason.com/securityalert/8301
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-005.txt
http://www.debian.org/security/2011/dsa-2283
http://www.mandriva.com/security/advisories?name=MDVSA-2011:117
http://www.osvdb.org/73617
http://www.redhat.com/support/errata/RHSA-2011-0920.html
http://www.securityfocus.com/archive/1/518733/100/0/threaded
http://www.securityfocus.com/bid/48571
https://bugzilla.redhat.com/show_bug.cgi?id=711419
https://exchange.xforce.ibmcloud.com/vulnerabilities/68398
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062681.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062699.html
http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html
http://secunia.com/advisories/45145
http://secunia.com/advisories/45157
http://secunia.com/advisories/48101
http://securityreason.com/securityalert/8301
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-005.txt
http://www.debian.org/security/2011/dsa-2283
http://www.mandriva.com/security/advisories?name=MDVSA-2011:117
http://www.osvdb.org/73617
http://www.redhat.com/support/errata/RHSA-2011-0920.html
http://www.securityfocus.com/archive/1/518733/100/0/threaded
http://www.securityfocus.com/bid/48571
https://bugzilla.redhat.com/show_bug.cgi?id=711419
https://exchange.xforce.ibmcloud.com/vulnerabilities/68398