Search CVE reports
1 – 4 of 4 results
CVE-2019-25018
Medium priority
Not in release
In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the...
1 affected package
krb5-appl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
krb5-appl | — | — | Not in release | Not in release | Not in release |
CVE-2019-25017
Medium priority
Not in release
An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the rcp client only performs...
1 affected package
krb5-appl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
krb5-appl | — | — | Not in release | Not in release | Not in release |
CVE-2011-4862
Medium priority
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows...
4 affected packages
heimdal, inetutils, krb5, krb5-appl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
heimdal | — | — | — | — | Not affected |
inetutils | — | — | — | — | Not affected |
krb5 | — | — | — | — | Not affected |
krb5-appl | — | — | — | — | Not in release |
CVE-2011-1526
Medium priority
ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access...
2 affected packages
krb5, krb5-appl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
krb5 | — | — | — | — | Not affected |
krb5-appl | — | — | — | — | Not in release |