CVE-2006-6008
First published: Tue Nov 21 2006(Updated: )
ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different vulnerability than CVE-2006-5778.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Netkit Netkit | =0.17 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384454
- http://bugs.gentoo.org/show_bug.cgi?id=150292
- http://ftp.debian.org/debian/pool/main/l/linux-ftpd/linux-ftpd_0.17-22.diff.gz
- http://www.gentoo.org/security/en/glsa/glsa-200611-05.xml
- http://secunia.com/advisories/22816
- http://secunia.com/advisories/22853
- collector/nvd-historical
- vendor/netkit
- product/netkit
- canonical/netkit netkit
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- version/netkit netkit/0.17