High

CVE-2004-0148 - Unspecified vulnerability in multiple products

Publication: 2004-04-15
Summary

wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.

Risk level (CVSS 7.2)

High

7.2

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • SGI Propack 2.3
  • SGI Propack 2.4
  • Washington University WU-ftpd 2.4.1
  • Washington University WU-ftpd 2.5.0
  • Washington University WU-ftpd 2.6.0
  • Washington University WU-ftpd 2.6.1
  • Washington University WU-ftpd 2.4.2_beta18_vr5
  • Washington University WU-ftpd 2.4.2_beta18_vr6
  • Washington University WU-ftpd 2.4.2_beta18_vr7
  • Washington University WU-ftpd 2.4.2_beta18_vr8
  • Washington University WU-ftpd 2.4.2_beta18_vr9
  • Washington University WU-ftpd 2.6.2
  • Washington University WU-ftpd 2.4.2_beta18_vr11
  • Washington University WU-ftpd 2.4.2_beta18_vr12
  • Washington University WU-ftpd 2.4.2_beta18_vr13
  • Washington University WU-ftpd 2.4.2_beta18_vr14
  • Washington University WU-ftpd 2.4.2_beta18_vr15
  • Washington University WU-ftpd 2.4.2_vr16
  • Washington University WU-ftpd 2.4.2_vr17
  • Washington University WU-ftpd 2.4.2_beta2
  • Washington University WU-ftpd 2.4.2_beta18
  • Washington University WU-ftpd 2.4.2_beta18_vr4
  • Washington University WU-ftpd 2.4.2_beta18_vr10