[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247974

 
 

909

 
 

194654

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2011-1526Date: (C)2011-07-11   (M)2023-12-22


ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.5
Exploit Score: 8.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
http://www.securityfocus.com/archive/1/518733/100/0/threaded
SECUNIA-45145
SECUNIA-45157
SECUNIA-48101
BID-48571
OSVDB-73617
SREASON-8301
DSA-2283
FEDORA-2011-9080
FEDORA-2011-9109
MDVSA-2011:117
RHSA-2011:0920
SUSE-SU-2012:0010
SUSE-SU-2012:0018
SUSE-SU-2012:0042
SUSE-SU-2012:0050
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-005.txt
https://bugzilla.redhat.com/show_bug.cgi?id=711419
kerberos-krb5appl-priv-esc(68398)
openSUSE-SU-2011:1169
openSUSE-SU-2012:0019
openSUSE-SU-2012:0051

CPE    7
cpe:/o:opensuse:opensuse:11.3
cpe:/o:opensuse:opensuse:11.4
cpe:/o:debian:debian_linux:5.0
cpe:/o:debian:debian_linux:6.0
...
CWE    1
CWE-269
OVAL    11
oval:org.secpod.oval:def:301046
oval:org.secpod.oval:def:1503330
oval:org.secpod.oval:def:400414
oval:org.secpod.oval:def:500227
...

© SecPod Technologies