Vulnerability Name:

CVE-2004-0148 (CCN-15423)

Assigned: 2004-03-08
Published: 2004-03-08
Updated: 2018-05-03
Summary: wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.
CVSS v3 Severity: 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:

Source: MITRE
Type: CNA
CVE-2004-0148

Source: HP
Type: UNKNOWN
SSRT4704

Source: CCN
Type: RHSA-2004-096
wu-ftpd security update

Source: CCN
Type: SA11055
WU-FTPD Directory Access Restriction Bypass Vulnerability

Source: SECUNIA
Type: UNKNOWN
11055

Source: CCN
Type: SA20168
Solaris in.ftpd Directory Access Restriction Bypass Vulnerability

Source: SECUNIA
Type: UNKNOWN
20168

Source: CCN
Type: Sun Alert ID: 102356
Security Vulnerability in the Solaris 9 in.ftpd(1M) Server May Allow Unauthorized Directory Access

Source: SUNALERT
Type: UNKNOWN
102356

Source: CCN
Type: ASA-2006-132
Sun Alert Notifications from Sun Weekly Report dated May 20 2006

Source: CCN
Type: CIAC Information Bulletin O-095
wu-ftpd 'chmod' and S/Key Vulnerabilities

Source: CCN
Type: CIAC Information Bulletin O-119
HP Tru64 UNIX WU-FTPD Security Vulnerabilities

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-457

Source: DEBIAN
Type: DSA-457
wu-ftpd -- several vulnerabilities

Source: FRSIRT
Type: UNKNOWN
ADV-2006-1867

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2004:096

Source: BID
Type: Patch, Vendor Advisory
9832

Source: CCN
Type: BID-9832
WU-FTPD restricted-gid Unauthorized Access Vulnerability

Source: CCN
Type: TLSA-2004-8
Multiple vulnerabilities in wu-ftpd

Source: XF
Type: UNKNOWN
wuftpd-restrictedgid-gain-access(15423)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1147

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1636

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1637

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:648

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:sgi:propack:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:sgi:propack:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta2:*:academ:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18:*:academ:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr4:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr5:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr6:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr7:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr8:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr9:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr10:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr11:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr12:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr13:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr14:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr15:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_vr16:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_vr17:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:washington_university:wu-ftpd:2.5:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:sgi:propack:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:sgi:propack:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta2::academ:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18::academ:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_vr17:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_vr16:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr9:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr8:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr7:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr6:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr5:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr4:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr15:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr14:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr13:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr12:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr11:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr10:*:*:*:*:*:*:*
  • OR cpe:/a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*
  • AND
  • cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.11:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.1a:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.22:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux_server:6.1:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:6.0:*:*:*:workstation:*:*:*
  • OR cpe:/o:compaq:tru64:5.1b:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:aw:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.23:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::x86:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:*

  • * Denotes that component is vulnerable

Oval Definitions

Definition ID                    Class   Title                                                       Last Modified
oval:org.mitre.oval:def:648      V       HP-UX wuftpd Privilege Escalation Vulnerability (B.11.23)   2010-09-20
oval:org.mitre.oval:def:1636     V       HP-UX wuftpd Privilege Escalation Vulnerability (B.11.22)   2010-09-20
oval:org.mitre.oval:def:1637     V       HP-UX wuftpd Privilege Escalation Vulnerability (B.11.00)   2006-03-09
oval:org.mitre.oval:def:1147     V       HP-UX wuftpd Privilege Escalation Vulnerability (B.11.11)   2006-03-09
oval:org.debian:def:457          V       several vulnerabilities                                     2004-03-08