Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2004-0148

Published: 15/04/2004 Updated: 03/05/2018
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

wu-ftpd 2.6.2 and previous versions, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.

Vulnerable Product Search on Vulmon Subscribe to Product

washington university wu-ftpd 2.4.2 beta18

washington university wu-ftpd 2.4.2 beta18 vr14

washington university wu-ftpd 2.5.0

washington university wu-ftpd 2.4.2 vr17

washington university wu-ftpd 2.4.2 beta18 vr9

washington university wu-ftpd 2.4.1

washington university wu-ftpd 2.4.2 vr16

washington university wu-ftpd 2.6.2

washington university wu-ftpd 2.6.0

washington university wu-ftpd 2.4.2 beta18 vr11

washington university wu-ftpd 2.4.2 beta18 vr6

washington university wu-ftpd 2.4.2 beta18 vr4

washington university wu-ftpd 2.4.2 beta18 vr12

sgi propack 2.3

washington university wu-ftpd 2.4.2 beta18 vr5

washington university wu-ftpd 2.4.2 beta18 vr13

washington university wu-ftpd 2.4.2 beta18 vr10

washington university wu-ftpd 2.4.2 beta18 vr15

washington university wu-ftpd 2.6.1

washington university wu-ftpd 2.4.2 beta2

washington university wu-ftpd 2.4.2 beta18 vr7

sgi propack 2.4

washington university wu-ftpd 2.4.2 beta18 vr8

Vendor Advisories

Debian Security Advisories: DSA-457-1 wu-ftpd -- several vulnerabilities
Two vulnerabilities were discovered in wu-ftpd: CAN-2004-0148 Glenn Stewart discovered that users could bypass the directory access restrictions imposed by the restricted-gid option by changing the permissions on their home directory On a subsequent login, when access to the user's home directory was denied, wu-ftpd would fall back to the ro ...

References

NVD-CWE-Otherhttp://www.debian.org/security/2004/dsa-457http://www.redhat.com/support/errata/RHSA-2004-096.htmlhttp://www.securityfocus.com/bid/9832http://www.frsirt.com/english/advisories/2006/1867http://secunia.com/advisories/11055http://secunia.com/advisories/20168http://sunsolve.sun.com/search/document.do?assetkey=1-26-102356-1http://marc.info/?l=bugtraq&m=108999466902690&w=2https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A648https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1637https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1636https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1147https://exchange.xforce.ibmcloud.com/vulnerabilities/15423https://nvd.nist.govhttps://www.debian.org/security/./dsa-457
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-0044client sideCVE-2021-47601deserializationCVE-2024-34994encryptionCVE-2021-47609CVE-2024-37079CVE-2024-38608
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook