cvelist/2011/1xxx/CVE-2011-1526.json

{
   "CVE_data_meta" : {
      "ASSIGNER" : "cve@mitre.org",
      "ID" : "CVE-2011-1526",
      "STATE" : "PUBLIC"
   },
   "affects" : {
      "vendor" : {
         "vendor_data" : [
            {
               "product" : {
                  "product_data" : [
                     {
                        "product_name" : "n/a",
                        "version" : {
                           "version_data" : [
                              {
                                 "version_value" : "n/a"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name" : "n/a"
            }
         ]
      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
   "description" : {
      "description_data" : [
         {
            "lang" : "eng",
            "value" : "ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script."
         }
      ]
   },
   "problemtype" : {
      "problemtype_data" : [
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : "n/a"
               }
            ]
         }
      ]
   },
   "references" : {
      "reference_data" : [
         {
            "name" : "20110705 MITKRB5-SA-2011-005 FTP daemon fails to set effective group ID [CVE-2011-1526]",
            "refsource" : "BUGTRAQ",
            "url" : "http://www.securityfocus.com/archive/1/518733/100/0/threaded"
         },
         {
            "name" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-005.txt",
            "refsource" : "CONFIRM",
            "url" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-005.txt"
         },
         {
            "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=711419",
            "refsource" : "CONFIRM",
            "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=711419"
         },
         {
            "name" : "DSA-2283",
            "refsource" : "DEBIAN",
            "url" : "http://www.debian.org/security/2011/dsa-2283"
         },
         {
            "name" : "FEDORA-2011-9080",
            "refsource" : "FEDORA",
            "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062681.html"
         },
         {
            "name" : "FEDORA-2011-9109",
            "refsource" : "FEDORA",
            "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062699.html"
         },
         {
            "name" : "MDVSA-2011:117",
            "refsource" : "MANDRIVA",
            "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:117"
         },
         {
            "name" : "RHSA-2011:0920",
            "refsource" : "REDHAT",
            "url" : "http://www.redhat.com/support/errata/RHSA-2011-0920.html"
         },
         {
            "name" : "openSUSE-SU-2011:1169",
            "refsource" : "SUSE",
            "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html"
         },
         {
            "name" : "SUSE-SU-2012:0010",
            "refsource" : "SUSE",
            "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html"
         },
         {
            "name" : "SUSE-SU-2012:0018",
            "refsource" : "SUSE",
            "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html"
         },
         {
            "name" : "SUSE-SU-2012:0042",
            "refsource" : "SUSE",
            "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html"
         },
         {
            "name" : "SUSE-SU-2012:0050",
            "refsource" : "SUSE",
            "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html"
         },
         {
            "name" : "openSUSE-SU-2012:0019",
            "refsource" : "SUSE",
            "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html"
         },
         {
            "name" : "openSUSE-SU-2012:0051",
            "refsource" : "SUSE",
            "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html"
         },
         {
            "name" : "48571",
            "refsource" : "BID",
            "url" : "http://www.securityfocus.com/bid/48571"
         },
         {
            "name" : "73617",
            "refsource" : "OSVDB",
            "url" : "http://www.osvdb.org/73617"
         },
         {
            "name" : "45145",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/45145"
         },
         {
            "name" : "45157",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/45157"
         },
         {
            "name" : "48101",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/48101"
         },
         {
            "name" : "8301",
            "refsource" : "SREASON",
            "url" : "http://securityreason.com/securityalert/8301"
         },
         {
            "name" : "kerberos-krb5appl-priv-esc(68398)",
            "refsource" : "XF",
            "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68398"
         }
      ]
   }
}
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`{`
			`"CVE_data_meta" : {`
			`"ASSIGNER" : "cve@mitre.org",`
			`"ID" : "CVE-2011-1526",`
			`"STATE" : "PUBLIC"`
			`},`
			`"affects" : {`
			`"vendor" : {`
			`"vendor_data" : [`
			`{`
			`"product" : {`
			`"product_data" : [`
			`{`
			`"product_name" : "n/a",`
			`"version" : {`
			`"version_data" : [`
			`{`
			`"version_value" : "n/a"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name" : "n/a"`
			`}`
			`]`
			`}`
			`},`
			`"data_format" : "MITRE",`
			`"data_type" : "CVE",`
			`"data_version" : "4.0",`
			`"description" : {`
			`"description_data" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script."`
			`}`
			`]`
			`},`
			`"problemtype" : {`
			`"problemtype_data" : [`
			`{`
			`"description" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "n/a"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references" : {`
			`"reference_data" : [`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "20110705 MITKRB5-SA-2011-005 FTP daemon fails to set effective group ID [CVE-2011-1526]",`
			`"refsource" : "BUGTRAQ",`
- Synchronized data. 2018-10-09 15:05:48 -04:00			`"url" : "http://www.securityfocus.com/archive/1/518733/100/0/threaded"`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-005.txt",`
			`"refsource" : "CONFIRM",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-005.txt"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=711419",`
			`"refsource" : "CONFIRM",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=711419"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "DSA-2283",`
			`"refsource" : "DEBIAN",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://www.debian.org/security/2011/dsa-2283"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "FEDORA-2011-9080",`
			`"refsource" : "FEDORA",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062681.html"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "FEDORA-2011-9109",`
			`"refsource" : "FEDORA",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062699.html"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "MDVSA-2011:117",`
			`"refsource" : "MANDRIVA",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:117"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "RHSA-2011:0920",`
			`"refsource" : "REDHAT",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://www.redhat.com/support/errata/RHSA-2011-0920.html"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "openSUSE-SU-2011:1169",`
			`"refsource" : "SUSE",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "SUSE-SU-2012:0010",`
			`"refsource" : "SUSE",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "SUSE-SU-2012:0018",`
			`"refsource" : "SUSE",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "SUSE-SU-2012:0042",`
			`"refsource" : "SUSE",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "SUSE-SU-2012:0050",`
			`"refsource" : "SUSE",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "openSUSE-SU-2012:0019",`
			`"refsource" : "SUSE",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "openSUSE-SU-2012:0051",`
			`"refsource" : "SUSE",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "48571",`
			`"refsource" : "BID",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://www.securityfocus.com/bid/48571"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "73617",`
			`"refsource" : "OSVDB",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://www.osvdb.org/73617"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "45145",`
			`"refsource" : "SECUNIA",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://secunia.com/advisories/45145"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "45157",`
			`"refsource" : "SECUNIA",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://secunia.com/advisories/45157"`
			`},`
- Synchronized data. 2018-01-05 14:03:09 -05:00			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "48101",`
			`"refsource" : "SECUNIA",`
- Synchronized data. 2018-01-05 14:03:09 -05:00			`"url" : "http://secunia.com/advisories/48101"`
			`},`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "8301",`
			`"refsource" : "SREASON",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://securityreason.com/securityalert/8301"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "kerberos-krb5appl-priv-esc(68398)",`
			`"refsource" : "XF",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68398"`
			`}`
			`]`
			`}`
			`}`