Download
| Alert*
oval:org.secpod.oval:def:301046
A vulnerability was discovered and corrected in krb5-appl: ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwr ... oval:org.secpod.oval:def:1503330 Updated krb5-appl packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availab ... oval:org.secpod.oval:def:400414 This update of krb5 applications fixes two security issues. CVE-2011-4862: A remote code execution in the kerberized telnet daemon was fixed. CVE-2011-1526 / MITKRB5-SA-2011-005: Fixed krb5 ftpd unauthorized file access problems. oval:org.secpod.oval:def:500227 The krb5-appl packages provide Kerberos-aware telnet, ftp, rcp, rsh, and rlogin clients and servers. While these have been replaced by tools such as OpenSSH in most environments, they remain in use in others. It was found that gssftp, a Kerberos-aware FTP server, did not properly drop privileges. A ... oval:org.secpod.oval:def:400376 This update of krb5 applications fixes two security issues. CVE-2011-4862: A remote code execution in the kerberized telnet daemon was fixed. CVE-2011-1526 / MITKRB5-SA-2011-005: Fixed krb5 ftpd unauthorized file access problems. oval:org.secpod.oval:def:500724 Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center . It was found that ftpd, a Kerberos-aware FTP server, did not properly drop privileges. On Red Hat Enterprise ... oval:org.secpod.oval:def:400348 The following issues have been fixed: - CVE-2011-1528: In releases krb5-1.8 and later, the KDC can crash due to an assertion failure. - CVE-2011-1529: In releases krb5-1.8 and later, the KDC can crash due to a null pointer dereference. Both bugs could be triggered by unauthenticated remote attackers ... oval:org.secpod.oval:def:102749 This package contains Kerberos-aware versions of the telnet, ftp, rcp, rsh, and rlogin clients and servers. While these have been replaced by tools such as OpenSSH in most environments, they remain in use in others. oval:org.secpod.oval:def:600594 Tim Zingelmann discovered that due an incorrect configure script the kerborised FTP server failed to set the effective GID correctly, resulting in privilege escalation. The oldstable distribution is not affected. oval:org.secpod.oval:def:102880 This package contains Kerberos-aware versions of the telnet, ftp, rcp, rsh, and rlogin clients and servers. While these have been replaced by tools such as OpenSSH in most environments, they remain in use in others. oval:org.secpod.oval:def:103352 This package contains Kerberos-aware versions of the telnet, ftp, rcp, rsh, and rlogin clients and servers. While these have been replaced by tools such as OpenSSH in most environments, they remain in use in others. |