Privilege escalation in Mit Krb5-appl

CVE-2011-1526

ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, a…

Vulnerability class: Privilege Escalation

EPSS: 0.003 (55.7th percentile) — read the EPSS interpretation.

Affected products

Mit Krb5-appl
Debian Debian_linux — versions 5.0, 6.0
Fedoraproject Fedora — versions 14, 15
Opensuse — versions 11.3, 11.4
Suse Linux_enterprise_desktop — versions 10, 11
Suse Linux_enterprise_server — versions 10, 11
Suse Linux_enterprise_software_development_kit — versions 10, 11
N/a — versions n/a

Weakness classification (CWE)

CWE-269 — Improper Privilege Management

References

SUSE-SU-2012:0042 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
SUSE-SU-2012:0018 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
RHSA-2011:0920 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
48101 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
openSUSE-SU-2011:1169 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
openSUSE-SU-2012:0019 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
kerberos-krb5appl-priv-esc(68398) (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_XF)
SUSE-SU-2012:0050 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
45145 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)