GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict access to some FTP commands, which allows remote attackers to cause a denial of service, and local users to gain root privileges.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Kerberos_5 | Mit | 1.1 (including) | 1.1 (including) |
| Kerberos_5 | Mit | 1.1.1 (including) | 1.1.1 (including) |
References
- http://web.mit.edu/kerberos/www/advisories/ftp.txt
- http://www.osvdb.org/4885
- http://www.securityfocus.com/bid/1374
- http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=ldvsnufao18.fsf%40saint-elmos-fire.mit.edu
- https://exchange.xforce.ibmcloud.com/vulnerabilities/4734
- http://web.mit.edu/kerberos/www/advisories/ftp.txt
- http://www.osvdb.org/4885
- http://www.securityfocus.com/bid/1374
- http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=ldvsnufao18.fsf%40saint-elmos-fire.mit.edu
- https://exchange.xforce.ibmcloud.com/vulnerabilities/4734