CVE-2006-7094 - ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective

CVE-2006-7094

Summary

ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bin/ls, which allows remote authenticated users to list arbitrary directories with the privileges of gid 0 and possibly enable additional attack vectors.

References

Vulnerable Configurations

cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
cpe:2.3:a:ftpd:ftpd:*:*:*:*:*:*:*:*
cpe:2.3:a:ftpd:ftpd:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

CVSS

Base:	8.5 (as of 16-10-2018 - 16:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	SINGLE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:S/C:C/I:C/A:C

refmap via4

bugtraq	20070220 /bin/ls with gid=0 in Debian linux-ftpd
confirm	http://bugs.debian.org/384454 http://bugs.gentoo.org/show_bug.cgi?id=155317 http://packages.qa.debian.org/l/linux-ftpd/news/20061125T181702Z.html
osvdb	34242
sreason	2330

Last major update

16-10-2018 - 16:29

Published

02-03-2007 - 21:18

Last modified

16-10-2018 - 16:29