Metric | Value |
---|---|
CVSS2 score | 6.5 Medium |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
CVSS2 vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
EPSS | 0.004 Low |
EPSS percentile | 72.0% |

ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications
(aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return
value, which allows remote authenticated users to bypass intended group
access restrictions, and create, overwrite, delete, or read files, via
standard FTP commands, related to missing autoconf tests in a configure
script.
Author | Note |
---|---|
sbeattie | krb5-appl was split out from the krb5 package between hardy and lucid by upstream; the CVE covers two issues: * the configure test for setegid() wasn’t included when krb5-appl was split out and so setegid is defined to always return an error, which thus doesn’t affect hardy * the code never checks the return value of setegid, which is a problem when setegid always fails, but less so when the setegid() is a real call, though still a real issue. hardy is affected by this, but less so than the split out krb5-appl packages. Therefore I’m marking this priority low for hardy/krb5 |
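
The failure mode described above, as an added example that is not code from krb5-appl: a group switch whose return value is ignored next to a version that fails closed. All names (`login_unchecked`, `login_checked`, `setegid_stub`, `setegid_ok`, `cur_egid`) and the gid values are hypothetical, and the process egid is simulated with a variable so the code runs unprivileged.

```c
#include <stdio.h>
#include <sys/types.h>

/* Simulated effective GID of the daemon process (a real daemon would
 * read it back with getegid()). Constructed value: starts privileged. */
static gid_t cur_egid = 0;

typedef int (*setegid_fn)(gid_t);

/* Models the build described in the note: the configure test is missing,
 * so the setegid wrapper is compiled as a stub that always fails. */
static int setegid_stub(gid_t gid) { (void)gid; return -1; }

/* Models a build where the wrapper reaches a working setegid(). */
static int setegid_ok(gid_t gid) { cur_egid = gid; return 0; }

/* Before: return value ignored. Returns the egid that subsequent file
 * operations for the session would run with. */
long login_unchecked(setegid_fn set_egid, gid_t user_gid) {
    cur_egid = 0;                 /* daemon's own group before the drop */
    (void)set_egid(user_gid);     /* failure goes unnoticed */
    return (long)cur_egid;
}

/* After: fail closed. Returns the egid on success, -1 to refuse login. */
long login_checked(setegid_fn set_egid, gid_t user_gid) {
    cur_egid = 0;
    if (set_egid(user_gid) != 0)
        return -1;                /* could not switch group: reject */
    if (cur_egid != user_gid)
        return -1;                /* call claimed success but did not apply */
    return (long)cur_egid;
}

int main(void) {
    gid_t user = 1000;            /* constructed sample user group */
    printf("stub, unchecked: egid=%ld\n", login_unchecked(setegid_stub, user));
    printf("stub, checked:   %ld\n", login_checked(setegid_stub, user));
    printf("ok,   checked:   egid=%ld\n", login_checked(setegid_ok, user));
    return 0;
}
```

With the stub, the unchecked path keeps serving the session under the daemon's original group, while the checked path refuses the login.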