ID CVE-2004-0148
Summary wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.
References
Vulnerable Configurations
  • cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*
    cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*
    cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:washington_university:wu-ftpd:2.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:washington_university:wu-ftpd:2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta2:*:academ:*:*:*:*:*
    cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta2:*:academ:*:*:*:*:*
  • cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18:*:academ:*:*:*:*:*
    cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18:*:academ:*:*:*:*:*
  • cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr4:*:*:*:*:*:*:*
    cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr4:*:*:*:*:*:*:*
  • cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr5:*:*:*:*:*:*:*
    cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr5:*:*:*:*:*:*:*
  • cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr6:*:*:*:*:*:*:*
    cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr6:*:*:*:*:*:*:*
  • cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr7:*:*:*:*:*:*:*
    cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr7:*:*:*:*:*:*:*
  • cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr8:*:*:*:*:*:*:*
    cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr8:*:*:*:*:*:*:*
  • cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr9:*:*:*:*:*:*:*
    cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr9:*:*:*:*:*:*:*
  • cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr10:*:*:*:*:*:*:*
    cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr10:*:*:*:*:*:*:*
  • cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr11:*:*:*:*:*:*:*
    cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr11:*:*:*:*:*:*:*
  • cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr12:*:*:*:*:*:*:*
    cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr12:*:*:*:*:*:*:*
  • cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr13:*:*:*:*:*:*:*
    cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr13:*:*:*:*:*:*:*
  • cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr14:*:*:*:*:*:*:*
    cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr14:*:*:*:*:*:*:*
  • cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr15:*:*:*:*:*:*:*
    cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr15:*:*:*:*:*:*:*
  • cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr16:*:*:*:*:*:*:*
    cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr16:*:*:*:*:*:*:*
  • cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr17:*:*:*:*:*:*:*
    cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr17:*:*:*:*:*:*:*
  • cpe:2.3:a:washington_university:wu-ftpd:2.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:washington_university:wu-ftpd:2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 03-05-2018 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
oval via4
  • accepted 2006-03-09T12:19:00.000-04:00
    class vulnerability
    contributors
    name Robert L. Hollis
    organization ThreatGuard, Inc.
    description wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.
    family unix
    id oval:org.mitre.oval:def:1147
    status accepted
    submitted 2006-01-30T07:20:00.000-04:00
    title HP-UX wuftpd Privilege Escalation Vulnerability (B.11.11)
    version 35
  • accepted 2010-09-20T04:00:15.821-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    description wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.
    family unix
    id oval:org.mitre.oval:def:1636
    status accepted
    submitted 2006-01-30T07:20:00.000-04:00
    title HP-UX wuftpd Privilege Escalation Vulnerability (B.11.22)
    version 39
  • accepted 2006-03-09T12:19:00.000-04:00
    class vulnerability
    contributors
    name Robert L. Hollis
    organization ThreatGuard, Inc.
    description wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.
    family unix
    id oval:org.mitre.oval:def:1637
    status accepted
    submitted 2006-01-30T07:20:00.000-04:00
    title HP-UX wuftpd Privilege Escalation Vulnerability (B.11.00)
    version 35
  • accepted 2010-09-20T04:00:34.087-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name Todd Dolinsky
      organization Opsware, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    description wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.
    family unix
    id oval:org.mitre.oval:def:648
    status accepted
    submitted 2006-01-30T07:20:00.000-04:00
    title HP-UX wuftpd Privilege Escalation Vulnerability (B.11.23)
    version 40
redhat via4
advisories
rhsa
id RHSA-2004:096
refmap via4
bid 9832
debian DSA-457
frsirt ADV-2006-1867
hp SSRT4704
sco SCOSA-2005.6
secunia
  • 11055
  • 20168
sunalert 102356
xf wuftpd-restrictedgid-gain-access(15423)
Last major update 03-05-2018 - 01:29
Published 15-04-2004 - 04:00
Last modified 03-05-2018 - 01:29
Back to Top