Veracode Vulnerability DatabaseVERACODE:24791Privilege Escalation
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
krb5-appl package is vulnerable to privilege escalation. It was found that gssftp, a Kerberos-aware FTP server, did not properly drop privileges. A remote FTP user could use this flaw to gain unauthorized read or write access to files that are owned by the root group.
References
lists.fedoraproject.org/pipermail/package-announce/2011-July/062681.html
lists.fedoraproject.org/pipermail/package-announce/2011-July/062699.html
lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html
lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html
lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html
lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html
lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html
lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html
lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html
secunia.com/advisories/45145
secunia.com/advisories/45157
secunia.com/advisories/48101
securityreason.com/securityalert/8301
web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-005.txt
www.debian.org/security/2011/dsa-2283
www.mandriva.com/security/advisories?name=MDVSA-2011:117
www.osvdb.org/73617
www.redhat.com/support/errata/RHSA-2011-0920.html
www.securityfocus.com/archive/1/518733/100/0/threaded
www.securityfocus.com/bid/48571
access.redhat.com/errata/RHSA-2011:0920
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=711419
exchange.xforce.ibmcloud.com/vulnerabilities/68398
Related
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P