Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-0988

Overview

Vulnerability Score 4.4 4.4
CVE Id CVE-2011-0988
Last Modified 18 Apr 2011 12:00:00
Published 18 Apr 2011 01:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2011-0988

Summary

pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors.

Vulnerable Systems

Operating System

  • Novell Suse Linux 10

  • Novell Suse Linux 11

Application

  • Pureftpd Pure-ftpd 1.0.22


References

SUSE - SUSE-SU-2011:0306

XF - sles-pureftpd-privilege-escalation(66618)

SECUNIA - 44039

Related Patches

Novell SUSE 2011:7428 pure-ftpd security update for SLE 10 SP3 i586

Novell SUSE 2011:7428 pure-ftpd security update for SLE 10 SP3 x86_64


Last Updated: 27 May 2016 10:56:07