Lucene search

K

[email protected]NVD:CVE-2011-1526

HistoryJul 11, 2011 - 8:55 p.m.

CVE-2011-1526

2011-07-1120:55:01

CWE-269

[email protected]

web.nvd.nist.gov

1

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.1%

ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.

Affected configurations

NVD

Node

mitkrb5-applRange<1.0.1

Node

debiandebian_linuxMatch5.0

OR

debiandebian_linuxMatch6.0

Node

fedoraprojectfedoraMatch14

OR

fedoraprojectfedoraMatch15

Node

opensuseopensuseMatch11.3

OR

opensuseopensuseMatch11.4

OR

suselinux_enterprise_desktopMatch10sp4-

OR

suselinux_enterprise_desktopMatch11sp1

OR

suselinux_enterprise_serverMatch10sp2

OR

suselinux_enterprise_serverMatch10sp3ltss

OR

suselinux_enterprise_serverMatch10sp4-

OR

suselinux_enterprise_serverMatch11sp1-

OR

suselinux_enterprise_serverMatch11sp1-vmware

OR

suselinux_enterprise_software_development_kitMatch10sp4

OR

suselinux_enterprise_software_development_kitMatch11sp1

References

lists.fedoraproject.org/pipermail/package-announce/2011-July/062681.html

lists.fedoraproject.org/pipermail/package-announce/2011-July/062699.html

lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html

lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html

lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html

lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html

lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html

lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html

lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html

secunia.com/advisories/45145

secunia.com/advisories/45157

secunia.com/advisories/48101

securityreason.com/securityalert/8301

web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-005.txt

www.debian.org/security/2011/dsa-2283

www.mandriva.com/security/advisories?name=MDVSA-2011:117

www.osvdb.org/73617

www.redhat.com/support/errata/RHSA-2011-0920.html

www.securityfocus.com/archive/1/518733/100/0/threaded

www.securityfocus.com/bid/48571

bugzilla.redhat.com/show_bug.cgi?id=711419

exchange.xforce.ibmcloud.com/vulnerabilities/68398

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.1%

Related for NVD:CVE-2011-1526

redhat3 openvas24 veracode1 securityvulns2 altlinux3 nessus19 ubuntucve1 debian1 fedora3 cve1 cvelist1 oraclelinux2 prion1 suse7 gentoo1