Vulnerabilities > CVE-2006-7094 - Remote Security vulnerability in Ftpd
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bin/ls, which allows remote authenticated users to list arbitrary directories with the privileges of gid 0 and possibly enable additional attack vectors.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 1 | |
OS | 1 | |
Application | 1 |