Vulnerability CVE-2006-6008


Published: 2006-11-21   Modified: 2012-02-12

Description:
ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different vulnerability than CVE-2006-5778.
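
Added example, not code from linux-ftpd or its patches: a minimal C sketch of a checked permanent privilege drop, the kind of return-status check the description says is missing. The function name drop_privileges_checked and the choice to treat any failure as fatal are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Unchecked pattern the advisory describes (comment only, not compiled):
 *     setgid(gid);
 *     setuid(uid);
 *     ... session continues even if either call failed, for instance
 *     because a resource limit was hit, so the old identity is kept.
 */

/* Hypothetical helper: drop group first, then user, check every return
 * value, and verify the result. Returns 0 on success, -1 otherwise.
 * The same return-value check applies to seteuid() for temporary drops. */
int drop_privileges_checked(uid_t uid, gid_t gid)
{
    if (setgid(gid) != 0) {
        perror("setgid");
        return -1;
    }
    if (setuid(uid) != 0) {
        perror("setuid");
        return -1;
    }
    /* Confirm real and effective ids are what was requested. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* A permanent drop to a non-root user must not be reversible. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed demo: "drop" to the ids the process already has. */
    if (drop_privileges_checked(getuid(), getgid()) != 0) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return EXIT_FAILURE;   /* fail closed instead of serving the session */
    }
    printf("running as uid=%ld gid=%ld\n", (long)getuid(), (long)getgid());
    return EXIT_SUCCESS;
}
```

The caller has to stop on a -1 return; logging the error and continuing reproduces the original problem.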

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score: 6.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
Netkit -> Netkit

References:
http://www.gentoo.org/security/en/glsa/glsa-200611-05.xml
http://secunia.com/advisories/22853
http://secunia.com/advisories/22816
http://ftp.debian.org/debian/pool/main/l/linux-ftpd/linux-ftpd_0.17-22.diff.gz
http://bugs.gentoo.org/show_bug.cgi?id=150292
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384454

Copyright 2024, cxsecurity.com

 
