FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-0148

This CVE name corresponds to:

Entered Topic
2004-03-08 wu-ftpd ftpaccess `restricted-uid'/`restricted-gid' directive may be bypassed

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2004-0148 at cve.mitre.org

Details

Type CVE Entry
Name CVE-2004-0148

Description

wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.

References

Source Reference
DEBIAN DSA-457
HP SSRT4704
REDHAT RHSA-2004:096
SCO SCOSA-2005.6
BID 9832
FRSIRT ADV-2006-1867
OVAL oval:org.mitre.oval:def:1147
OVAL oval:org.mitre.oval:def:1636
OVAL oval:org.mitre.oval:def:1637
OVAL oval:org.mitre.oval:def:648
SECUNIA 11055
SECUNIA 20168
SUNALERT 102356
XF wuftpd-restrictedgid-gain-access(15423)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.