CVE-2006-6008

Sažetak

ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different vulnerability than CVE-2006-5778.

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384454
http://bugs.gentoo.org/show_bug.cgi?id=150292
http://ftp.debian.org/debian/pool/main/l/linux-ftpd/linux-ftpd_0.17-22.diff.gz
http://secunia.com/advisories/22816
http://secunia.com/advisories/22853
http://www.gentoo.org/security/en/glsa/glsa-200611-05.xml

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

05-09-2008 - 21:13

Objavljeno

21-11-2006 - 23:07