CVE-2011-1526

Severity

65%

Complexity

80%

Confidentiality

106%

ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.

ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.

CVSS 2.0 Base Score 6.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P).

Overview

First reported 13 years ago

2011-07-11 20:55:00

Last updated 6 years ago

2018-10-09 19:31:00

Affected Software

MIT Kerberos

References

FEDORA-2011-9080

FEDORA-2011-9109

openSUSE-SU-2011:1169

SUSE-SU-2012:0010

SUSE-SU-2012:0018

openSUSE-SU-2012:0019

SUSE-SU-2012:0042

SUSE-SU-2012:0050

openSUSE-SU-2012:0051

45145

Vendor Advisory

45157

Vendor Advisory

48101

8301

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-005.txt

Patch, Vendor Advisory

DSA-2283

MDVSA-2011:117

73617

RHSA-2011:0920

20110705 MITKRB5-SA-2011-005 FTP daemon fails to set effective group ID [CVE-2011-1526]

48571

Patch

https://bugzilla.redhat.com/show_bug.cgi?id=711419

Patch

kerberos-krb5appl-priv-esc(68398)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.