Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2004-0148
CVE information
Published
Last Modified
CVSSv2.0 Severity
Impact Analysis
Description
wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead..
CVSSv2.0 Score
- Severity
- High
- Base Score
- 7.2/10
- Exploit Score
- 3.9/10
- Access Vector
- Local
- Access Complexity
- Low
- Authentication Required
- None
- Impact Score
- 10/10
- Confidentiality Impact
- Complete
- Availability Impact
- Complete
- Integrity Impact
- Complete
Products Affected
CPE | Affected | Vulnerable | Excluding | Edit |
---|---|---|---|---|
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18:*:acade |
Yes
|
- | - | |
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr14:*: |
Yes
|
- | - | |
cpe:2.3:a:washington_university:wu-ftpd:2.5.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr17:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr9:*:* |
Yes
|
- | - | |
cpe:2.3:a:washington_university:wu-ftpd:2.4.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr16:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr11:*: |
Yes
|
- | - | |
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr6:*:* |
Yes
|
- | - | |
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr4:*:* |
Yes
|
- | - | |
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr12:*: |
Yes
|
- | - | |
cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr5:*:* |
Yes
|
- | - | |
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr13:*: |
Yes
|
- | - | |
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr10:*: |
Yes
|
- | - | |
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr15:*: |
Yes
|
- | - | |
cpe:2.3:a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta2:*:academ |
Yes
|
- | - | |
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr7:*:* |
Yes
|
- | - | |
cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr8:*:* |
Yes
|
- | - |
References
- http://www.debian.org/security/2004/dsa-457
- http://www.redhat.com/support/errata/RHSA-2004-096.html
- http://www.securityfocus.com/bid/9832
- http://www.frsirt.com/english/advisories/2006/1867
- http://secunia.com/advisories/11055
- http://secunia.com/advisories/20168
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102356-1
- http://marc.info/?l=bugtraq&m=108999466902690&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15423