Lucene search

[email protected]CVE-2011-1526

HistoryJul 11, 2011 - 8:55 p.m.

CVE-2011-1526

2011-07-1120:55:01

CWE-269

[email protected]

web.nvd.nist.gov

cve-2011-1526

mit kerberos

ftp daemon

krb5-appl

group access restrictions

ftp commands

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

4.6 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.0%

JSON

ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.

Affected configurations

NVD

Node

mitkrb5-applRange<1.0.1

Node

debiandebian_linuxMatch5.0

debiandebian_linuxMatch6.0

Node

fedoraprojectfedoraMatch14

fedoraprojectfedoraMatch15

Node

opensuseopensuseMatch11.3

opensuseopensuseMatch11.4

suselinux_enterprise_desktopMatch10sp4-

suselinux_enterprise_desktopMatch11sp1

suselinux_enterprise_serverMatch10sp2

suselinux_enterprise_serverMatch10sp3ltss

suselinux_enterprise_serverMatch10sp4-

suselinux_enterprise_serverMatch11sp1-

suselinux_enterprise_serverMatch11sp1-vmware

suselinux_enterprise_software_development_kitMatch10sp4

suselinux_enterprise_software_development_kitMatch11sp1

CPENameOperatorVersion
mit:krb5-applmit krb5-appllt1.0.1

CPE	Name	Operator	Version
mit:krb5-appl	mit krb5-appl	lt	1.0.1

References

lists.fedoraproject.org/pipermail/package-announce/2011-July/062681.html

lists.fedoraproject.org/pipermail/package-announce/2011-July/062699.html

lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html

lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html

lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html

lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html

lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html

lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html

lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html

secunia.com/advisories/45145

secunia.com/advisories/45157

secunia.com/advisories/48101

securityreason.com/securityalert/8301

web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-005.txt

www.debian.org/security/2011/dsa-2283

www.mandriva.com/security/advisories?name=MDVSA-2011:117

www.osvdb.org/73617

www.redhat.com/support/errata/RHSA-2011-0920.html

www.securityfocus.com/archive/1/518733/100/0/threaded

www.securityfocus.com/bid/48571

bugzilla.redhat.com/show_bug.cgi?id=711419

exchange.xforce.ibmcloud.com/vulnerabilities/68398

Social References

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

4.6 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.0%

JSON

Related for CVE-2011-1526

nessus19 openvas24 altlinux3 debian1 cvelist1 fedora3 redhat3 ubuntucve1 oraclelinux2 prion1 nvd1 veracode1 securityvulns2 suse7 gentoo1