Approved changes feed: RSS · Atom

cpe:2.3:a:mit:krb5-appl:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorMit (82b7f5d9-694f-5ac9-86aa-26958677636b)
ProductKrb5 Appl (01e99cf6-6fca-5f44-bbda-1288e1668ba3)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:github/krb5/krb5-appl purl2cpe 2026-06-01 10:16:02.465844
pkg:rpm/opensuse/krb5-appl purl2cpe 2026-06-01 10:16:02.465846

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2019-25018 vulnerable 2026-06-08 05:13:41.812363 Details available
In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the permissions of the target directory on the client side. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.
Published: 2021-02-02T17:23:31.000Z
Updated: 2024-08-05T03:00:18.816Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-25017 vulnerable 2026-06-08 05:13:41.811855 Details available
An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious rcp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rcp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). This issue is similar to CVE-2019-6111 and CVE-2019-7283. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.
Published: 2021-02-02T17:23:58.000Z
Updated: 2024-08-05T03:00:18.924Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-4862 vulnerable 2026-06-08 04:59:33.315872 Details available
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
Published: 2011-12-25T01:00:00.000Z
Updated: 2024-08-07T00:16:35.035Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-1526 vulnerable 2026-06-08 04:58:00.153264 Details available
ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.
Published: 2011-07-11T20:00:00.000Z
Updated: 2024-08-06T22:28:41.820Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.