CVE-2006-6008
Summary
| CVE | CVE-2006-6008 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2006-11-21 23:07:00 UTC |
| Updated | 2008-09-05 21:13:00 UTC |
| Description | ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different vulnerability than CVE-2006-5778. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 404 Not Found | CONFIRM | ftp.debian.org | Patch |
| Linux NetKit FTP Server Information Disclosure and Privilege Escalation - Advisories - Secunia | SECUNIA | secunia.com | Patch, Vendor Advisory |
| Gentoo Bug 150292 - net-ftp/ftpd - incorrect seteuid call makes it possible to access others files | CONFIRM | bugs.gentoo.org | Patch |
| Gentoo update for ftpd - Advisories - Secunia | SECUNIA | secunia.com | Patch, Vendor Advisory |
| #384454 - ftpd: Does not handle symlink? NFS? home directory - Debian Bug report logs | CONFIRM | bugs.debian.org | Patch |
| Gentoo Linux Documentation -- Netkit FTP Server: Privilege escalation | GENTOO | www.gentoo.org | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.