15 matches found
EUVD-2000-0511
Malware in sbrugna...
SUSE CVE-2007-5894
The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 krb5 does not initialize the length variable when authtype has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the...
Privilege Escalation
krb5-appl package is vulnerable to privilege escalation. It was found that gssftp, a Kerberos-aware FTP server, did not properly drop privileges. A remote FTP user could use this flaw to gain unauthorized read or write access to files that are owned by the root group...
RedHat Update for krb5-appl RHSA-2011:0920-01
The remote host is missing an update for the...
CVE-2007-5894
The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 krb5 does not initialize the length variable when authtype has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the...
Design/Logic Flaw
The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 krb5 does not initialize the length variable when authtype has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the...
CVE-2007-5894
The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 krb5 does not initialize the length variable when authtype has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the...
CVE-2007-5894
MIT Kerberos 5 (krb5) is affected by CVE-2007-5894 and related issues (CVE-2007-5902, CVE-2007-5971, CVE-2007-5972) as described in multiple advisories. The core item in CVE-2007-5894 concerns an uninitialized length variable in the gssftp ftpd handling (krb5’s GSSAPI/KDC stack), with vendor note...
PT-2007-6831 · MIT · MIT Kerberos 5
Name of the Vulnerable Software and Affected Versions: MIT Kerberos 5 krb5, affected versions not specified. Description: The issue concerns the reply function in ftpd.c in the gssftp ftpd, where the length variable may not be initialized under specific conditions related to the auth type value. Th...
CVE-2000-0514
The CVE-2000-0514 issue affects the GSSFTP FTP daemon in Kerberos 5 1.1.x, where access to certain FTP commands is not properly restricted. This leads to a remote denial of service and enables local users to gain root privileges. The available connected documents confirm the affected component ...
CVE-2000-0514
GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict access to some FTP commands, which allows remote attackers to cause a denial of service, and local users to gain root privileges...
gssftp.txt
REMOTE ROOT VULNERABILITY IN GSSFTP DAEMON 2000-06-14 SUMMARY: A remote user may execute certain FTP commands without authorization. IMPACT: A remote user may perform denial of service attacks. An attacker with access to a local account may gain unauthorized roo...
Security Advisory: REMOTE ROOT VULNERABILITY IN GSSFTP DAEMON
REMOTE ROOT VULNERABILITY IN GSSFTP DAEMON 2000-06-14 SUMMARY: A remote user may execute certain FTP commands without authorization. IMPACT: A remote user may perform denial of service attacks. An attacker with access to a local account may gain unauthorized roo...
CVE-2000-0514
GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict access to some FTP commands, which allows remote attackers to cause a denial of service, and local users to gain root privileges...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS). GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict access to some FTP commands, which allows remote attackers to cause a denial of service, and local users to gain root privileges. Remediation: There ...