CVE-2011-1526

First published: Tue Jun 07 2011(Updated: )

ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.

Credit: cve@mitre.org

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/type
• agent/remedy
• agent/first-publish-date
• agent/weakness
• agent/severity
• agent/references
• agent/author
• agent/description
• collector/nvd-historical
• agent/software-canonical-lookup-request
• collector/nvd-index
• agent/softwarecombine
• collector/mitre-cve
• source/MITRE
• agent/last-modified-date
• agent/tags
• agent/event
• collector/redhat-bugzilla
• source/Red Hat
• alias/CVE-2011-1526
• vendor/mit
• canonical/mit krb5-appl
• vendor/debian
• canonical/debian debian linux
• version/debian debian linux/5.0
• version/debian debian linux/6.0
• vendor/fedoraproject
• canonical/fedoraproject fedora
• version/fedoraproject fedora/15
• version/fedoraproject fedora/14
• vendor/suse
• canonical/suse linux enterprise desktop
• version/suse linux enterprise desktop/11-sp1
• vendor/opensuse
• canonical/opensuse opensuse
• version/opensuse opensuse/11.4
• version/opensuse opensuse/11.3
• canonical/suse linux enterprise server
• version/suse linux enterprise server/10-sp2
• canonical/suse linux enterprise software development kit
• version/suse linux enterprise software development kit/10-sp4
• version/suse linux enterprise server/11-sp1
• version/suse linux enterprise server/10-sp3
• version/suse linux enterprise desktop/10-sp4
• version/suse linux enterprise server/10-sp4
• version/suse linux enterprise software development kit/11-sp1