6.5

CVE-2011-1526

EPSS 0.23%
Published 11.07.2011 20:55:01
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.

Affected products Warnungen 0 Metrics 2 CWE 1 References 25

Data is provided by the National Vulnerability Database (NVD)

Mit ≫ Krb5-appl Version < 1.0.1

Debian ≫ Debian Linux Version5.0

Debian ≫ Debian Linux Version6.0

Fedoraproject ≫ Fedora Version14

Fedoraproject ≫ Fedora Version15

Opensuse ≫ Opensuse Version11.3

Opensuse ≫ Opensuse Version11.4

Suse ≫ Linux Enterprise Desktop Version10 Updatesp4 SwEdition-

Suse ≫ Linux Enterprise Desktop Version11 Updatesp1

Suse ≫ Linux Enterprise Server Version10 Updatesp2

Suse ≫ Linux Enterprise Server Version10 Updatesp3 SwEditionltss

Suse ≫ Linux Enterprise Server Version10 Updatesp4 SwEdition-

Suse ≫ Linux Enterprise Server Version11 Updatesp1 SwPlatform-

Suse ≫ Linux Enterprise Server Version11 Updatesp1 SwEdition- SwPlatformvmware

Suse ≫ Linux Enterprise Software Development Kit Version10 Updatesp4

Suse ≫ Linux Enterprise Software Development Kit Version11 Updatesp1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.23%	0.426

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html

Third Party Advisory

Mailing List

http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062681.html

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062699.html

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html

Third Party Advisory

Mailing List

http://secunia.com/advisories/45145

Third Party Advisory

http://secunia.com/advisories/45157

Third Party Advisory

http://secunia.com/advisories/48101

Third Party Advisory

http://securityreason.com/securityalert/8301

Third Party Advisory

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-005.txt

Patch

Vendor Advisory

http://www.debian.org/security/2011/dsa-2283

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2011:117

Third Party Advisory

http://www.osvdb.org/73617

Broken Link

http://www.redhat.com/support/errata/RHSA-2011-0920.html

Third Party Advisory

http://www.securityfocus.com/archive/1/518733/100/0/threaded

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/48571

Patch

Third Party Advisory

VDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=711419

Third Party Advisory

Issue Tracking

https://exchange.xforce.ibmcloud.com/vulnerabilities/68398

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2011-1526

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-1526

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-1526

EUVD