CVE-2000-0462 - ftpd in NetBSD 1.4.2 does not properly parse entries in /etc/ftpchroot and does not chroot the speci

CVE-2000-0462

Summary

ftpd in NetBSD 1.4.2 does not properly parse entries in /etc/ftpchroot and does not chroot the specified users, which allows those users to access other files outside of their home directory.

References

Vulnerable Configurations

cpe:2.3:o:netbsd:netbsd:1.4.2:*:alpha:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:1.4.2:*:alpha:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:1.4.2:*:arm32:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:1.4.2:*:arm32:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:1.4.2:*:sparc:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:1.4.2:*:sparc:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:1.4.2:*:x86:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:1.4.2:*:x86:*:*:*:*:*

CVSS

Base:	2.1 (as of 10-09-2008 - 19:04)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	1273
netbsd	NetBSD-SA2000-006
osvdb	1366
xf	netbsd-ftpchroot-parsing

Last major update

10-09-2008 - 19:04

Published

28-05-2000 - 04:00

Last modified

10-09-2008 - 19:04