Lucene search
RedHatRHSA-2011:0920HistoryJul 05, 2011 - 12:00 a.m.
(RHSA-2011:0920) Important: krb5-appl security update
2011-07-0500:00:00
access.redhat.com
14
0.004 Low
EPSS
Percentile
72.0%
The krb5-appl packages provide Kerberos-aware telnet, ftp, rcp, rsh, and
rlogin clients and servers. While these have been replaced by tools such as
OpenSSH in most environments, they remain in use in others.
It was found that gssftp, a Kerberos-aware FTP server, did not properly
drop privileges. A remote FTP user could use this flaw to gain unauthorized
read or write access to files that are owned by the root group.
(CVE-2011-1526)
Red Hat would like to thank the MIT Kerberos project for reporting this
issue. Upstream acknowledges Tim Zingelman as the original reporter.
All krb5-appl users should upgrade to these updated packages, which contain
a backported patch to correct this issue.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 6 | s390x | krb5-appl-debuginfo | < 1.0.1-2.el6_1.1 | krb5-appl-debuginfo-1.0.1-2.el6_1.1.s390x.rpm |
| RedHat | 6 | x86_64 | krb5-appl-debuginfo | < 1.0.1-2.el6_1.1 | krb5-appl-debuginfo-1.0.1-2.el6_1.1.x86_64.rpm |
| RedHat | 6 | src | krb5-appl | < 1.0.1-2.el6_1.1 | krb5-appl-1.0.1-2.el6_1.1.src.rpm |
| RedHat | 6 | s390x | krb5-appl-servers | < 1.0.1-2.el6_1.1 | krb5-appl-servers-1.0.1-2.el6_1.1.s390x.rpm |
| RedHat | 6 | s390x | krb5-appl-clients | < 1.0.1-2.el6_1.1 | krb5-appl-clients-1.0.1-2.el6_1.1.s390x.rpm |
| RedHat | 6 | ppc64 | krb5-appl-debuginfo | < 1.0.1-2.el6_1.1 | krb5-appl-debuginfo-1.0.1-2.el6_1.1.ppc64.rpm |
| RedHat | 6 | ppc64 | krb5-appl-clients | < 1.0.1-2.el6_1.1 | krb5-appl-clients-1.0.1-2.el6_1.1.ppc64.rpm |
| RedHat | 6 | x86_64 | krb5-appl-servers | < 1.0.1-2.el6_1.1 | krb5-appl-servers-1.0.1-2.el6_1.1.x86_64.rpm |
| RedHat | 6 | i686 | krb5-appl-servers | < 1.0.1-2.el6_1.1 | krb5-appl-servers-1.0.1-2.el6_1.1.i686.rpm |
| RedHat | 6 | i686 | krb5-appl-debuginfo | < 1.0.1-2.el6_1.1 | krb5-appl-debuginfo-1.0.1-2.el6_1.1.i686.rpm |
Related
openvas
openvas
RedHat Update for krb5-appl RHSA-2011:0920-01
2012-06-06 00:00:00
Fedora Update for krb5-appl FEDORA-2011-9080
2011-07-18 00:00:00
Fedora Update for krb5-appl FEDORA-2011-9109
2011-07-18 00:00:00
debian
debian
[SECURITY] [DSA 2283-1] krb5-appl security update
2011-07-25 11:53:06
cve
cve
CVE-2011-1526
2011-07-11 20:55:01
fedora
fedora
[SECURITY] Fedora 15 Update: krb5-appl-1.0.1-7.fc15
2011-07-15 01:22:19
[SECURITY] Fedora 14 Update: krb5-appl-1.0.1-4.fc14
2011-07-15 01:26:36
[SECURITY] Fedora 15 Update: krb5-appl-1.0.1-8.fc15
2012-01-05 20:57:26
cvelist
cvelist
CVE-2011-1526
2011-07-11 20:00:00
nessus
nessus
RHEL 6 : krb5-appl (RHSA-2011:0920)
2011-07-06 00:00:00
Mandriva Linux Security Advisory : krb5-appl (MDVSA-2011:117)
2011-07-25 00:00:00
Oracle Linux 5 : krb5 (ELSA-2012-0306)
2013-07-12 00:00:00
redhat
redhat
(RHSA-2012:0306) Low: krb5 security and bug fix update
2012-02-21 00:00:00
(RHSA-2012:0168) Important: rhev-hypervisor5 security and bug fix update
2012-02-21 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package krb5 version 1.6.3-alt13
2011-07-06 00:00:00
Security fix for the ALT Linux 7 package krb5 version 1.6.3-alt13
2011-07-06 00:00:00
Security fix for the ALT Linux 9 package krb5 version 1.6.3-alt13
2011-07-06 00:00:00
ubuntucve
ubuntucve
CVE-2011-1526
2011-07-11 00:00:00
prion
prion
Design/Logic Flaw
2011-07-11 20:55:00
nvd
nvd
CVE-2011-1526
2011-07-11 20:55:01
oraclelinux
oraclelinux
krb5-appl security update
2011-07-05 00:00:00
krb5 security and bug fix update
2012-03-01 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 01:05:25
securityvulns
securityvulns
MIT krb5 FTP server privilege escalation
2011-10-24 00:00:00
suse
suse
Security update for Kerberos 5 (important)
2012-01-05 12:36:16
krb5-appl: Fixed remote buffer overflow in ktelnetd (important)
2012-01-05 12:36:18
Security update for Kerberos 5 (important)
2012-01-05 12:08:41
gentoo
gentoo
MIT Kerberos 5 Applications: Multiple vulnerabilities
2012-01-23 00:00:00