Red Hat Bugzilla – Bug 37731
krb5 ftpd buffer overflows
Last modified: 2007-03-26 23:43:54 EDT
From BugTraq posting:
* If anonymous FTP is enabled, a remote user may gain unauthorized
* A user with access to a local account may gain unauthorized root
* A remote user who can successfully authenticate to the FTP daemon
  may obtain unauthorized root access, regardless of whether anonymous
  FTP is enabled or whether access is granted to a local account.
This vulnerability is believed to be somewhat difficult to exploit.
This announcement and code patches related to it may be found on the
MIT Kerberos security advisory page at:
*** This bug has been marked as a duplicate of 35978 ***