Back to bug 711419
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Jan Lieskovsky | 2011-06-07 13:06:33 UTC | CC | dpal, jplans, nalin, prc | |
| Jan Lieskovsky | 2011-06-07 13:15:17 UTC | CC | zmraz | |
| Tomas Hoger | 2011-06-10 11:41:46 UTC | Blocks | 712346 | |
| Petr Matousek | 2011-06-14 09:50:15 UTC | CC | pmatouse | |
| Huzaifa S. Sidhpurwala | 2011-06-14 09:52:18 UTC | Whiteboard | public=20110705,reported=20110606,source=upstream,impact=moderate,cvss2=6.5/AV:N/AC:L/Au:S/C:P/I:P/A:P,rhel-4/krb5=affected,rhel-5/krb5=affected,rhel-6/krb5-appl=affected,fedora-all/krb5-appl=affected | public=20110705,reported=20110606,source=upstream,impact=important,cvss2=6.5/AV:N/AC:L/Au:S/C:P/I:P/A:P,rhel-4/krb5=affected,rhel-5/krb5=affected,rhel-6/krb5-appl=affected,fedora-all/krb5-appl=affected |
| Josh Bressers | 2011-06-14 14:28:02 UTC | CC | bressers | |
| Huzaifa S. Sidhpurwala | 2011-06-15 03:10:21 UTC | Depends On | 713341 | |
| Huzaifa S. Sidhpurwala | 2011-06-15 03:11:30 UTC | Depends On | 713342 | |
| Tomas Hoger | 2011-06-24 11:53:51 UTC | Summary | EMBARGOED CVE-2011-1526 krb5, krb5-appl (gssftp/ftpd): Unauthorized read/write access to certain files (MITKRB5-SA-2011-005) | EMBARGOED CVE-2011-1526 krb5, krb5-appl: ftpd incorrect group privilege dropping (MITKRB5-SA-2011-005) |
| Tomas Hoger | 2011-06-24 11:53:51 UTC | Whiteboard | public=20110705,reported=20110606,source=upstream,impact=important,cvss2=6.5/AV:N/AC:L/Au:S/C:P/I:P/A:P,rhel-4/krb5=affected,rhel-5/krb5=affected,rhel-6/krb5-appl=affected,fedora-all/krb5-appl=affected | impact=important,public=20110705,reported=20110606,source=upstream,cvss2=6.5/AV:N/AC:L/Au:S/C:P/I:P/A:P,rhel-4/krb5=defer/impact=low,rhel-5/krb5=defer/impact=low,rhel-6/krb5-appl=affected,fedora-all/krb5-appl=affected |
| Vincent Danen | 2011-06-28 05:42:10 UTC | CC | vdanen | |
| Vincent Danen | 2011-07-05 18:07:55 UTC | Summary | EMBARGOED CVE-2011-1526 krb5, krb5-appl: ftpd incorrect group privilege dropping (MITKRB5-SA-2011-005) | CVE-2011-1526 krb5, krb5-appl: ftpd incorrect group privilege dropping (MITKRB5-SA-2011-005) |
| Vincent Danen | 2011-07-05 18:08:10 UTC | Group | qe_staff | |
| Vincent Danen | 2011-07-05 18:09:01 UTC | Group | security | |
| Vincent Danen | 2011-07-05 18:34:49 UTC | Depends On | 719095 | |
| Vincent Danen | 2011-07-05 18:41:57 UTC | Whiteboard | impact=important,public=20110705,reported=20110606,source=upstream,cvss2=6.5/AV:N/AC:L/Au:S/C:P/I:P/A:P,rhel-4/krb5=defer/impact=low,rhel-5/krb5=defer/impact=low,rhel-6/krb5-appl=affected,fedora-all/krb5-appl=affected | impact=important,public=20110705,reported=20110606,source=upstream,cvss2=6.5/AV:N/AC:L/Au:S/C:P/I:P/A:P,rhel-4/krb5=defer/impact=low,rhel-5/krb5=affected/impact=low,rhel-6/krb5-appl=affected,fedora-all/krb5-appl=affected |
| Vincent Danen | 2011-07-05 18:42:29 UTC | Depends On | 719098 | |
| Vincent Danen | 2011-07-05 18:43:35 UTC | Whiteboard | impact=important,public=20110705,reported=20110606,source=upstream,cvss2=6.5/AV:N/AC:L/Au:S/C:P/I:P/A:P,rhel-4/krb5=defer/impact=low,rhel-5/krb5=affected/impact=low,rhel-6/krb5-appl=affected,fedora-all/krb5-appl=affected | impact=important,public=20110705,reported=20110606,source=upstream,cvss2=6.5/AV:N/AC:L/Au:S/C:P/I:P/A:P,rhel-4/krb5=defer/impact=low,rhel-5/krb5=defer/impact=low,rhel-6/krb5-appl=affected,fedora-all/krb5-appl=affected |
| Mark J. Cox | 2011-07-26 12:10:24 UTC | CC | mjc | |
| Mark J. Cox | 2011-07-26 12:10:24 UTC | Whiteboard | impact=important,public=20110705,reported=20110606,source=upstream,cvss2=6.5/AV:N/AC:L/Au:S/C:P/I:P/A:P,rhel-4/krb5=defer/impact=low,rhel-5/krb5=defer/impact=low,rhel-6/krb5-appl=affected,fedora-all/krb5-appl=affected | impact=important,public=20110705,reported=20110606,source=upstream,cvss2=5.5/AV:N/AC:L/Au:S/C:P/I:P/A:N,rhel-4/krb5=defer/impact=low,rhel-5/krb5=defer/impact=low,rhel-6/krb5-appl=affected,fedora-all/krb5-appl=affected |
| Jan Lieskovsky | 2011-12-19 17:31:53 UTC | Blocks | 742493 | |
| Tomas Hoger | 2012-02-21 08:47:59 UTC | Status | NEW | CLOSED |
| Tomas Hoger | 2012-02-21 08:47:59 UTC | Resolution | --- | ERRATA |
| Tomas Hoger | 2012-02-21 08:47:59 UTC | Whiteboard | impact=important,public=20110705,reported=20110606,source=upstream,cvss2=5.5/AV:N/AC:L/Au:S/C:P/I:P/A:N,rhel-4/krb5=defer/impact=low,rhel-5/krb5=defer/impact=low,rhel-6/krb5-appl=affected,fedora-all/krb5-appl=affected | impact=important,public=20110705,reported=20110606,source=upstream,cvss2=5.5/AV:N/AC:L/Au:S/C:P/I:P/A:N,rhel-4/krb5=wontfix/impact=low,rhel-5/krb5=affected/impact=low,rhel-6/krb5-appl=affected,fedora-all/krb5-appl=affected |
| Tomas Hoger | 2012-02-21 08:47:59 UTC | Last Closed | 2012-02-21 03:47:59 UTC | |
| Andrew Sanders | 2014-01-27 19:35:09 UTC | CC | asanders | |
| Martin Prpič | 2014-09-02 13:40:10 UTC | Doc Text | It was found that ftpd, a Kerberos-aware FTP server, did not properly drop privileges. On Red Hat Enterprise Linux 5, the ftpd daemon did not check for the potential failure of the krb5_setegid() function call. On systems where the set real, set effective, or set saved group ID system calls might fail, a remote FTP user could use this flaw to gain unauthorized read or write access to files that were owned by the root group. | |
| Ján Rusnačko | 2015-08-19 09:10:33 UTC | Severity | medium | high |
| Ján Rusnačko | 2015-08-19 09:10:35 UTC | Priority | medium | high |
| Product Security DevOps Team | 2019-09-29 12:45:02 UTC | Whiteboard | impact=important,public=20110705,reported=20110606,source=upstream,cvss2=5.5/AV:N/AC:L/Au:S/C:P/I:P/A:N,rhel-4/krb5=wontfix/impact=low,rhel-5/krb5=affected/impact=low,rhel-6/krb5-appl=affected,fedora-all/krb5-appl=affected | |