Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2011-1526

Опубликовано: 11 июл. 2011
Источник: nvd
CVSS2: 6.5
EPSS Низкий

Описание

ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:mit:krb5-appl:*:*:*:*:*:*:*:*
Версия до 1.0.1 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:ltss:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:-:vmware:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:*

EPSS

Процентиль: 46%
0.00228
Низкий

6.5 Medium

CVSS2

Дефекты

CWE-269

Связанные уязвимости

ubuntu логотип

CVE-2011-1526

ubuntu
почти 14 лет назад

ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.

redhat логотип

CVE-2011-1526

redhat
почти 14 лет назад

ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.

debian логотип

CVE-2011-1526

debian
почти 14 лет назад

ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Application ...

github логотип

GHSA-qc9v-p4hp-c5fh

github
около 3 лет назад

ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.

oracle-oval логотип

ELSA-2012-0306

oracle-oval
больше 13 лет назад

ELSA-2012-0306: krb5 security and bug fix update (LOW)

EPSS

Процентиль: 46%
0.00228
Низкий

6.5 Medium

CVSS2

Дефекты

CWE-269