gssftp.txt

Date: 15 Jun 2000 00:00:00
Reported by: Tom Yu
Type: packetstorm
Source: packetstormsecurity.com

Remote vulnerability in GSSFTP daemon allows unauthorized FTP commands and potential root access.

Code
`-----BEGIN PGP SIGNED MESSAGE-----  
  
REMOTE ROOT VULNERABILITY IN GSSFTP DAEMON  
  
2000-06-14  
  
SUMMARY:  
  
A remote user may execute certain FTP commands without authorization.  
  
IMPACT:  
  
A remote user may perform denial of service attacks.  
  
An attacker with access to a local account may gain unauthorized root  
access.  
  
VULNERABLE DISTRIBUTIONS:  
  
Source distributions which may contain vulnerable code include:  
  
MIT Kerberos 5 releases krb5-1.1 and krb5-1.1.1  
  
The beta releases krb5-1.1.2-beta1 and krb5-1.2-beta2 are also  
vulnerable.  
  
NON-VULNERABLE DISTRIBUTIONS:  
  
MIT Kerberos 5 releases krb5-1.0.x  
  
FIXES:  
  
If you are running a vulnerable FTP daemon, disable it immediately,  
usually by commenting it out of your inetd.conf and sending a SIGHUP  
to the inetd process.  
  
To correct the bug, apply the following patch, rebuild, and reinstall  
ftpd on the affected machines.  
  
The upcoming krb5-1.2 release will correct this problem. There will  
be a krb5-1.2-beta3 release later this week that will correct this  
problem.  
  
PATCHES:  
  
These patches will apply against krb5-1.1.1, krb5-1.1.2-beta1, and  
krb5-1.2-beta2. They will be made available on the web site at:  
  
http://web.mit.edu/kerberos/www/advisories/ftpd_111_patch.txt  
  
The MIT Kerberos security advisories page is at:  
  
http://web.mit.edu/kerberos/www/advisories/index.html  
  
Patches for other security problems as well as archives of security  
advisory postings are located on that page.  
  
Index: ftpcmd.y  
===================================================================  
RCS file: /cvs/krbdev/krb5/src/appl/gssftp/ftpd/ftpcmd.y,v  
retrieving revision 1.14  
diff -c -r1.14 ftpcmd.y  
*** ftpcmd.y 1999/03/24 22:14:02 1.14  
- --- ftpcmd.y 2000/06/14 17:35:19  
***************  
*** 865,871 ****  
$$ = 0;  
}  
else  
! $$ = 1;  
}  
;  
%%  
- --- 865,871 ----  
$$ = 0;  
}  
else  
! $$ = $1;  
}  
;  
%%  
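Review bot: The else branch at new line 868 (`$$ = $1;`) needs a comment stating what `$1` carries and why the action must propagate it. The only difference from the old code is the constant `1`, and nothing in the surrounding lines would stop a later edit from reintroducing it. The `-c` context is also too narrow to show which grammar rule this action belongs to, so the patch description should name the rule. Since the summary says certain FTP commands run without authorization, a regression test that issues those commands from an unauthorized session and expects a refusal would guard this line.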
  
  
-----BEGIN PGP SIGNATURE-----  
Version: 2.6.2  
  
iQCVAwUBOUgGcabDgE/zdoE9AQF6EgP6Ay7pKAcq/nQ1w2fzKQPuvNcfWuKiCVR7  
ZxHTljdhz6hI1COPsZQzEswqd2odkh1xJ0m8Tab1Ked1G569WZPLQt1LreFDnyKh  
Vvy1mgwPg/EEMVvw6d7MRdgrIy7vlQswHbrAYyGMaibTSR1Rwx5Gc5cJFedP+o7M  
95IoVsXNnPs=  
=HCTV  
-----END PGP SIGNATURE-----  
`
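The interim mitigation under FIXES, as an added example that is not part of the advisory or MIT's code: a POSIX sh helper that lists active FTP entries in an inetd.conf-style file and comments them out, keeping a backup. It assumes the classic inetd.conf field layout; the sample paths and the `ftp-alt` service name are constructed, and it cannot tell a vulnerable krb5 ftpd from any other FTP daemon, so it flags all of them.

```shell
#!/bin/sh
# Added example (not from the advisory). Assumes inetd.conf fields:
#   service socket-type protocol wait user server-program [args...]

# Shared scanner: mode "list" prints active FTP entries with line numbers,
# mode "disable" prints the whole file with those entries commented out.
scan_inetd() {
    awk -v mode="$1" '
        NF < 6 || $1 ~ /^#/ { if (mode == "disable") print; next }
        {
            n = split($6, path, "/")
            hit = ($1 == "ftp" || path[n] == "ftpd")
            if (mode == "list") { if (hit) print NR ": " $0 }
            else { prefix = hit ? "#" : ""; print prefix $0 }
        }' "$2"
}

list_ftp_entries() { scan_inetd list "$1"; }

# Comment out active FTP entries in place, keep <file>.bak, print how many.
disable_ftp_entries() {
    conf=$1
    count=$(list_ftp_entries "$conf" | awk 'END { print NR }')
    if [ "$count" -eq 0 ]; then echo 0; return 0; fi
    cp -p "$conf" "$conf.bak" || return 1
    scan_inetd disable "$conf.bak" > "$conf" || return 1
    echo "$count"
    # inetd rereads its config only on SIGHUP, e.g.: kill -HUP <inetd pid>
}

# Constructed sample config for trying the functions offline.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from the advisory
ftp     stream tcp nowait root /usr/local/sbin/ftpd    ftpd -a
#ftp    stream tcp nowait root /usr/sbin/in.ftpd       in.ftpd
telnet  stream tcp nowait root /usr/local/sbin/telnetd telnetd -a user
ftp-alt stream tcp nowait root /usr/local/sbin/ftpd    ftpd -a
EOF
}
```

Run `list_ftp_entries` first and review the output before calling `disable_ftp_entries`; the SIGHUP step is left to the operator so the change can be inspected before inetd picks it up.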
