Vulnerability CVE-2011-1526
Published: 2011-07-11   Modified: 2012-02-13

Description:
ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
FTP daemon fails to set effective group ID
Tom Yu
14.07.2011

Type:

CWE-264

 (Permissions, Privileges, and Access Controls)

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.5/10
6.4/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
MIT -> Kerberos 

 References:
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062681.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062699.html
http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html
http://secunia.com/advisories/48101
http://securityreason.com/securityalert/8301
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-005.txt
http://www.debian.org/security/2011/dsa-2283
http://www.mandriva.com/security/advisories?name=MDVSA-2011:117
http://www.redhat.com/support/errata/RHSA-2011-0920.html
http://www.securityfocus.com/archive/1/518733/100/0/threaded
http://www.securityfocus.com/bid/48571
https://bugzilla.redhat.com/show_bug.cgi?id=711419
https://exchange.xforce.ibmcloud.com/vulnerabilities/68398
Copyright 2024, cxsecurity.com

 

Back to Top