CVE-2011-1526 in Kerberos

Summary

ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.

Reservation

03/29/2011

Disclosure

07/11/2011

Entries

1: VDB-57906

CPE

ready

CVSS

6.3

EPSS

0.00323

Activities

Very Low
