{
  "threat_severity" : "Important",
  "public_date" : "2011-07-05T00:00:00Z",
  "bugzilla" : {
    "description" : "krb5-appl: ftpd incorrect group privilege dropping (MITKRB5-SA-2011-005)",
    "id" : "711419",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=711419"
  },
  "cvss" : {
    "cvss_base_score" : "5.5",
    "cvss_scoring_vector" : "AV:N/AC:L/Au:S/C:P/I:P/A:N",
    "status" : "verified"
  },
  "details" : [ "ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.", "It was found that ftpd, a Kerberos-aware FTP server, did not properly drop privileges. On Red Hat Enterprise Linux 5, the ftpd daemon did not check for the potential failure of the krb5_setegid() function call. On systems where the set real, set effective, or set saved group ID system calls might fail, a remote FTP user could use this flaw to gain unauthorized read or write access to files that were owned by the root group." ],
  "statement" : "This issue was addressed in krb5-appl packages in Red Hat Enterprise Linux 6 via RHSA-2011:0920 and krb5 packages in Red Hat Enterprise Linux 5 via RHSA-2012:0306.\nThis issue is not planned to be addressed in Red Hat Enterprise Linux 4, where this issue was rated as having low security impact.",
  "acknowledgement" : "Red Hat would like to thank MIT Kerberos project for reporting this issue. Upstream acknowledges Tim Zingelman as the original reporter.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2012-02-21T00:00:00Z",
    "advisory" : "RHSA-2012:0306",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "krb5-0:1.6.1-70.el5",
    "impact" : "low"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-07-05T00:00:00Z",
    "advisory" : "RHSA-2011:0920",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "krb5-appl-0:1.0.1-2.el6_1.1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 4",
    "fix_state" : "Will not fix",
    "package_name" : "krb5",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4",
    "impact" : "low"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2011-1526\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-1526" ],
  "name" : "CVE-2011-1526",
  "csaw" : false
}