Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0148

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2004-0148
Last Modified 05 Sep 2008 04:37:39
Published 15 Apr 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-0148

Summary

wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.

Vulnerable Systems

Application

  • Sgi Propack 2.3

  • Sgi Propack 2.4

  • Washington University Wu-ftpd 2.4.1

  • Washington University Wu-ftpd 2.4.2 Beta18

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr10

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr11

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr12

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr13

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr14

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr15

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr4

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr5

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr6

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr7

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr8

  • Washington University Wu-ftpd 2.4.2 Beta18 Vr9

  • Washington University Wu-ftpd 2.4.2 Beta2

  • Washington University Wu-ftpd 2.4.2 Vr16

  • Washington University Wu-ftpd 2.4.2 Vr17

  • Washington University Wu-ftpd 2.5.0

  • Washington University Wu-ftpd 2.6.0

  • Washington University Wu-ftpd 2.6.1

  • Washington University Wu-ftpd 2.6.2


References

BID - 9832

REDHAT - RHSA-2004:096

DEBIAN - DSA-457

XF - wuftpd-restrictedgid-gain-access(15423)

FRSIRT - ADV-2006-1867

SUNALERT - 102356

SECUNIA - 20168

SECUNIA - 11055

HP - SSRT4704


Last Updated: 27 May 2016 10:38:30