CVE-2006-5778
https://notcve.org/view.php?id=CVE-2006-5778
ftpd in linux-ftpd 0.17, and possibly other versions, performs a chdir before setting the UID, which allows local users to bypass intended access restrictions by redirecting their home directory to a restricted directory.
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384454
• http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/049014.html
• http://secunia.com/advisories/22997
• http://security.gentoo.org/glsa/glsa-200611-05.xml
• http://www.debian.org/security/2006/dsa-1217
• http://www.securityfocus.com/bid/21000
CVE-2005-3524 – linux-ftpd-ssl 0.17 - 'MKD'/'CWD' Remote Code Execution
https://notcve.org/view.php?id=CVE-2005-3524
Buffer overflow in the SSL-ready version of linux-ftpd (linux-ftpd-ssl) 0.17 allows remote attackers to execute arbitrary code by creating a long directory name, then executing the XPWD command.
• https://www.exploit-db.com/exploits/1295
• http://seclists.org/lists/fulldisclosure/2005/Nov/0140.html
• http://secunia.com/advisories/17465
• http://secunia.com/advisories/17529
• http://secunia.com/advisories/17586
• http://www.debian.org/security/2005/dsa-896
• http://www.osvdb.org/20530
• http://www.securityfocus.com/bid/15343
• http://www.vupen.com/english/advisories/2005/2330
• https://exchange.xforce.ibmcloud.com/vulnerabilities/23016