Vulnerability Name: CVE-2006-5778 (CCN-30176)
Assigned: 2006-08-24
Published: 2006-08-24
Updated: 2008-09-05
Summary: ftpd in linux-ftpd 0.17, and possibly other versions, performs a chdir before setting the UID, which allows local users to bypass intended access restrictions by redirecting their home directory to a restricted directory.
CVSS v3 Severity: 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity:
- 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
- 3.4 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
- 1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Bypass Security
References:
- Source: CCN Type: Full-Disclosure Mailing List, Thu Aug 24 2006 - 20:07:17 CDT ftpd chdir() while root
- Source: CCN Type: Debian Bug report logs - #384454 ftpd: Does not handle symlink? NFS? home directory
- Source: CONFIRM Type: UNKNOWN http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384454
- Source: MITRE Type: CNA CVE-2006-5778
- Source: FULLDISC Type: UNKNOWN 20060825 ftpd chdir() while root
- Source: SECUNIA Type: UNKNOWN 22997
- Source: GENTOO Type: UNKNOWN GLSA-200611-05
- Source: DEBIAN Type: UNKNOWN DSA-1217
- Source: DEBIAN Type: DSA-1217 linux-ftpd -- programming error
- Source: CCN Type: Gentoo-Portage Web site net-ftp/ftpd - The netkit FTP server with optional SSL support
- Source: CCN Type: GLSA-200611-05 Netkit FTP Server: Privilege escalation
- Source: CCN Type: OSVDB ID: 30339 Linux NetKit FTP Server (linux-ftpd) NFS Home Directory Symlink Privilege Escalation
- Source: CCN Type: OSVDB ID: 30340 Linux NetKit FTP Server (linux-ftpd) ID Calls Return Unspecified Privilege Escalation
- Source: BID Type: UNKNOWN 21000
- Source: CCN Type: BID-21000 NetKit FTP Server ChDir Information Disclosure Vulnerability
- Source: XF Type: UNKNOWN ftpd-chdir-security-bypass(30176)
Vulnerable Configuration: Configuration 1: