{"api_version":"1","generated_at":"2026-04-22T17:45:52+00:00","cve":"CVE-2006-6008","urls":{"html":"https://cve.report/CVE-2006-6008","api":"https://cve.report/api/cve/CVE-2006-6008.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-6008","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-6008"},"summary":{"title":"CVE-2006-6008","description":"ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different vulnerability than CVE-2006-5778.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2006-11-21 23:07:00","updated_at":"2008-09-05 21:13:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"http://ftp.debian.org/debian/pool/main/l/linux-ftpd/linux-ftpd_0.17-22.diff.gz","name":"http://ftp.debian.org/debian/pool/main/l/linux-ftpd/linux-ftpd_0.17-22.diff.gz","refsource":"CONFIRM","tags":["Patch"],"title":"404 Not Found","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"http://secunia.com/advisories/22816","name":"22816","refsource":"SECUNIA","tags":["Patch","Vendor Advisory"],"title":"Linux NetKit FTP Server Information Disclosure and Privilege Escalation - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://bugs.gentoo.org/show_bug.cgi?id=150292","name":"http://bugs.gentoo.org/show_bug.cgi?id=150292","refsource":"CONFIRM","tags":["Patch"],"title":"Gentoo Bug 150292 - net-ftp/ftpd - incorrect seteuid call makes it possible to access others files","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/22853","name":"22853","refsource":"SECUNIA","tags":["Patch","Vendor Advisory"],"title":"Gentoo update for ftpd - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384454","name":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384454","refsource":"CONFIRM","tags":["Patch"],"title":"#384454 - ftpd: Does not handle symlink? NFS? home directory - Debian Bug report logs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.gentoo.org/security/en/glsa/glsa-200611-05.xml","name":"GLSA-200611-05","refsource":"GENTOO","tags":["Patch","Vendor Advisory"],"title":"Gentoo Linux Documentation\n--\n  Netkit FTP Server: Privilege escalation","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-6008","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-6008","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"6008","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netkit","cpe5":"netkit","cpe6":"0.17","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"6008","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netkit","cpe5":"netkit","cpe6":"0.17","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-6008","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different vulnerability than CVE-2006-5778."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"GLSA-200611-05","refsource":"GENTOO","url":"http://www.gentoo.org/security/en/glsa/glsa-200611-05.xml"},{"name":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384454","refsource":"CONFIRM","url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384454"},{"name":"http://ftp.debian.org/debian/pool/main/l/linux-ftpd/linux-ftpd_0.17-22.diff.gz","refsource":"CONFIRM","url":"http://ftp.debian.org/debian/pool/main/l/linux-ftpd/linux-ftpd_0.17-22.diff.gz"},{"name":"22816","refsource":"SECUNIA","url":"http://secunia.com/advisories/22816"},{"name":"22853","refsource":"SECUNIA","url":"http://secunia.com/advisories/22853"},{"name":"http://bugs.gentoo.org/show_bug.cgi?id=150292","refsource":"CONFIRM","url":"http://bugs.gentoo.org/show_bug.cgi?id=150292"}]}},"nvd":{"publishedDate":"2006-11-21 23:07:00","lastModifiedDate":"2008-09-05 21:13:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.5},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netkit:netkit:0.17:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"6008","Ordinal":"21356","Title":"CVE-2006-6008","CVE":"CVE-2006-6008","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"6008","Ordinal":"1","NoteData":"ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different vulnerability than CVE-2006-5778.","Type":"Description","Title":null},{"CveYear":"2006","CveId":"6008","Ordinal":"2","NoteData":"2006-11-21","Type":"Other","Title":"Published"}]}}}