History: Jul 11, 2011 - 12:00 a.m.

CVE-2011-1526

ubuntu.com

CVSS2: 6.5 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS: 0.004 Low
Percentile: 71.8%

ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications
(aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return
value, which allows remote authenticated users to bypass intended group
access restrictions, and create, overwrite, delete, or read files, via
standard FTP commands, related to missing autoconf tests in a configure
script.

Notes

Author: sbeattie

Note: krb5-appl was split out from the krb5 package between hardy and lucid by upstream; the CVE covers two issues:

* the configure test for setegid() wasn’t included when krb5-appl was split out and so setegid is defined to always return an error, which thus doesn’t affect hardy
* the code never checks the return value of setegid, which is a problem when setegid always fails, but less so when the setegid() is a real call, though still a real issue. hardy is affected by this, but less so than the split out krb5-appl packages.

Therefore I’m marking this priority low for hardy/krb5
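
The two issues in the description and note above, a wrapper that always fails when no configure test defines the feature macro and a caller that ignores the result, shown beside a fail-closed version. This is an added example, not code from krb5-appl or the Ubuntu tracker; `compat_setegid`, the `enter_user_group_*` functions and the `ENOSYS` error value are hypothetical names and values chosen for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical wrapper (not the krb5-appl source). If the build's configure
 * script never tests for setegid(), HAVE_SETEGID is never defined, the
 * fallback branch is compiled, and every call fails. */
static int compat_setegid(gid_t gid)
{
#ifdef HAVE_SETEGID
    return setegid(gid);
#else
    (void)gid;
    errno = ENOSYS;            /* constructed error value for this example */
    return -1;
#endif
}

/* Unchecked pattern: the result is discarded, so the session carries on
 * with whatever effective group the daemon already had. */
static int enter_user_group_unchecked(gid_t user_gid)
{
    (void)compat_setegid(user_gid);
    return 0;                  /* reports success unconditionally */
}

/* Hardened pattern: fail closed on error, then confirm the effective gid. */
static int enter_user_group_checked(gid_t user_gid)
{
    if (compat_setegid(user_gid) != 0)
        return -1;
    if (getegid() != user_gid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    gid_t target = getegid() + 1;   /* constructed: any gid we do not hold */
    printf("unchecked: rc=%d, egid switched=%d\n",
           enter_user_group_unchecked(target), getegid() == target);
    printf("checked:   rc=%d\n", enter_user_group_checked(target));
    return 0;
}
```

A daemon using the checked form should end the session when it returns -1 instead of going on to serve file commands under the unchanged group.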
