FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

wu-ftpd ftpaccess `restricted-uid'/`restricted-gid' directive may be bypassed

Affected packages
wu-ftpd <= 2.6.2_3
wu-ftpd+ipv6 <= 2.6.2_5


VuXML ID 3b7c7f6c-7102-11d8-873f-0020ed76ef5a
Discovery 2004-02-17
Entry 2004-03-08
Modified 2004-03-29

Glenn Stewart reports a bug in wu-ftpd's ftpaccess `restricted-uid'/`restricted-gid' directives:

Users can get around the restriction to their home directory by issuing a simple chmod command on their home directory. On the next ftp log in, the user will have '/' as their root directory.

Matt Zimmerman discovered that the cause of the bug was a missing check for a restricted user within a code path that is executed only when a certain error is encountered.


Bugtraq ID 9832
CVE Name CVE-2004-0148