CVE-2011-1526

N/A Unknown
Published: July 11, 2011 Modified: April 29, 2026

Description

ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.

References to Advisories, Solutions, and Tools

http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html
Source: cve@mitre.org
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html
Source: cve@mitre.org
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html
Source: cve@mitre.org
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html
Source: cve@mitre.org
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html
Source: cve@mitre.org
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html
Source: cve@mitre.org
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html
Source: cve@mitre.org
Mailing List Third Party Advisory
http://secunia.com/advisories/45145
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/45157
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/48101
Source: cve@mitre.org
Third Party Advisory
http://securityreason.com/securityalert/8301
Source: cve@mitre.org
Third Party Advisory
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-005.txt
Source: cve@mitre.org
Patch Vendor Advisory
http://www.debian.org/security/2011/dsa-2283
Source: cve@mitre.org
Third Party Advisory
http://www.osvdb.org/73617
Source: cve@mitre.org
Broken Link
http://www.redhat.com/support/errata/RHSA-2011-0920.html
Source: cve@mitre.org
Third Party Advisory
http://www.securityfocus.com/archive/1/518733/100/0/threaded
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/48571
Source: cve@mitre.org
Patch Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=711419
Source: cve@mitre.org
Issue Tracking Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/68398
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062681.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062699.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://secunia.com/advisories/45145
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/45157
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/48101
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://securityreason.com/securityalert/8301
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-005.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
http://www.debian.org/security/2011/dsa-2283
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:117
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.osvdb.org/73617
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.redhat.com/support/errata/RHSA-2011-0920.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.securityfocus.com/archive/1/518733/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/48571
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=711419
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/68398
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry

44 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
3.9%
89th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

mit opensuse fedoraproject debian suse