CVE-2006-6008

ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different vulnerability than CVE-2006-5778.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384454	Patch
http://bugs.gentoo.org/show_bug.cgi?id=150292	Patch
http://ftp.debian.org/debian/pool/main/l/linux-ftpd/linux-ftpd_0.17-22.diff.gz	Patch
http://www.gentoo.org/security/en/glsa/glsa-200611-05.xml	Patch Vendor Advisory
http://secunia.com/advisories/22816	Patch Vendor Advisory
http://secunia.com/advisories/22853	Patch Vendor Advisory

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:netkit:netkit:0.17:*:*:*:*:*:*:*

Information

Published : 2006-11-21 15:07

Updated : 2008-09-05 14:13

NVD link : CVE-2006-6008

Mitre link : CVE-2006-6008

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

netkit

netkit

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384454", "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384454", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://bugs.gentoo.org/show_bug.cgi?id=150292", "name": "http://bugs.gentoo.org/show_bug.cgi?id=150292", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://ftp.debian.org/debian/pool/main/l/linux-ftpd/linux-ftpd_0.17-22.diff.gz", "name": "http://ftp.debian.org/debian/pool/main/l/linux-ftpd/linux-ftpd_0.17-22.diff.gz", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200611-05.xml", "name": "GLSA-200611-05", "tags": ["Patch", "Vendor Advisory"], "refsource": "GENTOO"}, {"url": "http://secunia.com/advisories/22816", "name": "22816", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22853", "name": "22853", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different vulnerability than CVE-2006-5778."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-6008", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-11-21T23:07Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:netkit:netkit:0.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2008-09-05T21:13Z"}