CVE-2006-6008
Severity Score
6.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different vulnerability than CVE-2006-5778.
ftpd en Linux Netkit (linux-ftpd) 0.17, y posiblemente otras versiones, no comprueba el estado que retornan ciertas llamadas a seteuid, setgid, y setuid, lo cual permite a usuarios remotos autenticados obtener privilegios si esas llamadas fallan en casos como fallos PAM o limitaciĆ³n de recursos, una vulnerabilidad diferente que CVE-2006-5778.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2006-11-21 CVE Reserved
- 2006-11-21 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (6)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384454 | 2008-09-05 | |
| http://bugs.gentoo.org/show_bug.cgi?id=150292 | 2008-09-05 | |
| http://ftp.debian.org/debian/pool/main/l/linux-ftpd/linux-ftpd_0.17-22.diff.gz | 2008-09-05 | |
| http://secunia.com/advisories/22816 | 2008-09-05 | |
| http://secunia.com/advisories/22853 | 2008-09-05 | |
| http://www.gentoo.org/security/en/glsa/glsa-200611-05.xml | 2008-09-05 |
| URL | Date | SRC |
|---|