Group Access Vulnerability in MIT Kerberos FTP Daemon
CVE-2011-1526
Currently unrated
What is CVE-2011-1526?
The MIT Kerberos FTP daemon contains a privilege escalation vulnerability caused by improper handling of the return value of the krb5_setegid function. This allows remote authenticated users to bypass group access restrictions and create, overwrite, delete, or read files on the system using standard FTP commands. The problem stems from autoconf tests omitted from the configure script, and it can lead to the compromise of sensitive data.
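The unchecked-return pattern described above, next to a checked version, as an added example that is not the krb5-appl source. The function names, the function-pointer parameter and the always-failing stub are assumptions made here so the failure path can be run without root.

```c
#define _POSIX_C_SOURCE 200112L
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical indirection: lets the caller supply the group-change call. */
typedef int (*setegid_fn)(gid_t);

/* Constructed stand-in for a group-change call that always fails. */
static int failing_setegid(gid_t gid) {
    (void)gid;
    errno = ENOSYS;
    return -1;
}

/* Vulnerable pattern: the return value is ignored, so the caller
 * reports success and file operations continue under the old group. */
int enter_user_group_unchecked(setegid_fn set, gid_t user_gid) {
    set(user_gid);
    return 0;
}

/* Hardened pattern: fail closed if the call fails, and confirm that
 * the effective gid really is the one requested before continuing. */
int enter_user_group_checked(setegid_fn set, gid_t user_gid) {
    if (set(user_gid) != 0)
        return -1;
    if (getegid() != user_gid)
        return -1;
    return 0;
}

int main(void) {
    gid_t daemon_gid = getegid();
    gid_t user_gid = daemon_gid + 1; /* constructed: any gid other than the current one */

    printf("unchecked: %d, egid still %ld\n",
           enter_user_group_unchecked(failing_setegid, user_gid), (long)getegid());
    printf("checked:   %d\n",
           enter_user_group_checked(failing_setegid, user_gid));
    return 0;
}
```

A caller of the checked version should refuse the session or abort when it returns -1 rather than continue serving file commands.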
