Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.831430
Category:Mandrake Local Security Checks
Title:Mandriva Update for krb5-appl MDVSA-2011:117 (krb5-appl)
Summary:The remote host is missing an update for the 'krb5-appl'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'krb5-appl'
package(s) announced via the referenced advisory.

Vulnerability Insight:
A vulnerability was discovered and corrected in krb5-appl:

ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications
(aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid
return value, which allows remote authenticated users to bypass
intended group access restrictions, and create, overwrite, delete,
or read files, via standard FTP commands, related to missing autoconf
tests in a configure script (CVE-2011-1526).

The updated packages have been patched to correct this issue.

Affected Software/OS:
krb5-appl on Mandriva Linux 2010.1,
Mandriva Linux 2010.1/X86_64,
Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64

Solution:
Please Install the Updated Packages.

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-1526
BugTraq ID: 48571
http://www.securityfocus.com/bid/48571
Bugtraq: 20110705 MITKRB5-SA-2011-005 FTP daemon fails to set effective group ID [CVE-2011-1526] (Google Search)
http://www.securityfocus.com/archive/1/518733/100/0/threaded
Debian Security Information: DSA-2283 (Google Search)
http://www.debian.org/security/2011/dsa-2283
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062681.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062699.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:117
http://www.osvdb.org/73617
http://www.redhat.com/support/errata/RHSA-2011-0920.html
http://secunia.com/advisories/45145
http://secunia.com/advisories/45157
http://secunia.com/advisories/48101
http://securityreason.com/securityalert/8301
SuSE Security Announcement: SUSE-SU-2012:0010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html
SuSE Security Announcement: SUSE-SU-2012:0018 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html
SuSE Security Announcement: SUSE-SU-2012:0042 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html
SuSE Security Announcement: SUSE-SU-2012:0050 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html
SuSE Security Announcement: openSUSE-SU-2011:1169 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html
SuSE Security Announcement: openSUSE-SU-2012:0019 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html
SuSE Security Announcement: openSUSE-SU-2012:0051 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html
XForce ISS Database: kerberos-krb5appl-priv-esc(68398)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68398
CopyrightCopyright (c) 2011 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.