CVE-2019-25018
- EPSS 0.08%
- Published 02.02.2021 18:15:11
- Last modified 21.11.2024 04:39:45
In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the permissions of the targ...
CVE-2019-25017
- EPSS 0.38%
- Published 02.02.2021 18:15:10
- Last modified 21.11.2024 04:39:44
An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of t...
- EPSS 92.41%
- Published 25.12.2011 01:55:02
- Last modified 11.04.2025 00:51:21
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to exec...
CVE-2011-1526
- EPSS 0.23%
- Published 11.07.2011 20:55:01
- Last modified 11.04.2025 00:51:21
ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, ...