ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bin/ls, which allows remote authenticated users to list arbitrary directories with the privileges of gid 0 and possibly enable additional attack vectors.
References
Configurations
History
No history.
Information
Published : 2007-03-02 21:18
Updated : 2024-02-28 11:01
NVD link : CVE-2006-7094
Mitre link : CVE-2006-7094
CVE.ORG link : CVE-2006-7094
JSON object : View
Products Affected
ftpd
- ftpd
debian
- debian_linux
gentoo
- linux
CWE