Unrated severity · NVD Advisory · Published Jul 11, 2011 · Updated Apr 29, 2026
CVE-2011-1526
Description
ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.
Affected products (16)
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:ltss:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:-:vmware:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:*
Patches
No patches discovered yet.
References (22)
- web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-005.txt (nvd: Patch, Vendor Advisory)
- www.securityfocus.com/bid/48571 (nvd: Patch, Third Party Advisory, VDB Entry)
- lists.fedoraproject.org/pipermail/package-announce/2011-July/062681.html (nvd: Third Party Advisory)
- lists.fedoraproject.org/pipermail/package-announce/2011-July/062699.html (nvd: Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html (nvd: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html (nvd: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html (nvd: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html (nvd: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html (nvd: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html (nvd: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html (nvd: Mailing List, Third Party Advisory)
- secunia.com/advisories/45145 (nvd: Third Party Advisory)
- secunia.com/advisories/45157 (nvd: Third Party Advisory)
- secunia.com/advisories/48101 (nvd: Third Party Advisory)
- securityreason.com/securityalert/8301 (nvd: Third Party Advisory)
- www.debian.org/security/2011/dsa-2283 (nvd: Third Party Advisory)
- www.mandriva.com/security/advisories (nvd: Third Party Advisory)
- www.redhat.com/support/errata/RHSA-2011-0920.html (nvd: Third Party Advisory)
- www.securityfocus.com/archive/1/518733/100/0/threaded (nvd: Third Party Advisory, VDB Entry)
- bugzilla.redhat.com/show_bug.cgi (nvd: Issue Tracking, Third Party Advisory)
- exchange.xforce.ibmcloud.com/vulnerabilities/68398 (nvd: Third Party Advisory, VDB Entry)
- www.osvdb.org/73617 (nvd: Broken Link)