GSSFTP Daemon Input Validation Vulnerability

A denial of service, and a potential remote root compromise, exist in the gssftp daemon, as provided as part of the MIT Kerberos 5 1.1, 1.1.1 and 1.2-beta1 and beta2 distributions. Due to a command parsing flaw, remote users may be able to execute certain ftp commands they are not authorized to performed. This may allow a remote user to cause a denial of service against the ftpd, and may be used by an attacker with a local account to gain root access.

This vulnerability is not present in Kerberos 5 1.0.x distributions.


Privacy Statement
Copyright 2010, SecurityFocus