CVE-2011-1526
MIT Kerberos Version 5 Applications <1.0.1 - Privilege Escalation
ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.
References (22)
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html
Third Party Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0920.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48101
Patch, Vendor Advisory x_refsource_confirm
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-005.txt
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/68398
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/45145
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=711419
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/45157
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/8301
Third Party Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:117
Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062699.html
Patch, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/48571
Broken Link vdb-entry
x_refsource_osvdb
http://www.osvdb.org/73617
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2011/dsa-2283
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/518733/100/0/threaded
Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062681.html
Scores
EPSS: 0.0032
EPSS Percentile: 55.5%
Details
CWE: CWE-269
Status: published
Products (13)
debian/debian_linux: 5.0
debian/debian_linux: 6.0
fedoraproject/fedora: 14
fedoraproject/fedora: 15
mit/krb5-appl: < 1.0.1
opensuse/opensuse: 11.3
opensuse/opensuse: 11.4
suse/linux_enterprise_desktop: 10 sp4
suse/linux_enterprise_desktop: 11 sp1
suse/linux_enterprise_server: 10 sp2 (3 CPE variants)
... and 3 more
Published: Jul 11, 2011
Tracked Since: Feb 18, 2026