

Netkit FTP Server protection bypass
Published: 10.11.2006
Source:
SecurityVulns ID: 6806
Type: remote
Threat Level: 5/10
Description: Invalid chroot() and seteuid() usage under some circumstances allows FTP root directory bypass.
Affected: NETKIT : ftpd 0.17
CVE: CVE-2006-6008 (ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different vulnerability than CVE-2006-5778.)
 CVE-2006-5778 (ftpd in linux-ftpd 0.17, and possibly other versions, performs a chdir before setting the UID, which allows local users to bypass intended access restrictions by redirecting their home directory to a restricted directory.)
Original document: GENTOO, [Full-disclosure] [ GLSA 200611-05 ] Netkit FTP Server: Privilege escalation (10.11.2006)
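
The two CVE descriptions above come down to call order and unchecked return values. The following is an added example, not code from linux-ftpd or the advisory: a hypothetical helper `enter_dir_as_user` that checks every identity call and performs chdir only after the drop. It assumes a permanent drop with setgid()/setuid(), a simplification of a server that switches identity with seteuid().

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Hypothetical helper, not linux-ftpd code: become the logged-in user
 * for good, then enter their directory. Returns 0 on success, -1 on any
 * failure; on -1 the caller must end the session, not carry on.
 */
int enter_dir_as_user(uid_t uid, gid_t gid, const char *dir)
{
    /* Group before user: once the uid is dropped, setgid() may be refused. */
    if (setgid(gid) != 0) { perror("setgid"); return -1; }

    /* Can fail (e.g. resource limits); ignoring that leaves the old identity. */
    if (setuid(uid) != 0) { perror("setuid"); return -1; }

    /* Trust the identity the kernel reports, not the fact that we asked. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        fprintf(stderr, "identity mismatch after drop\n");
        return -1;
    }

    /* A non-root identity must not be able to get root back. */
    if (uid != 0 && setuid(0) == 0) {
        fprintf(stderr, "root could be regained\n");
        return -1;
    }

    /* chdir last, so directory permissions are checked against the user. */
    if (chdir(dir) != 0) { perror("chdir"); return -1; }
    return 0;
}

int main(void)
{
    /* Constructed demo: "drop" to the identity the process already has. */
    int rc = enter_dir_as_user(getuid(), getgid(), "/");
    printf("enter_dir_as_user -> %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```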

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod