CVE-2008-1668

by Fred · 13/08/2008

ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations in which PAM authentication can succeed even though no passwd entry is available for a user, which allows remote attackers to gain privileges, as demonstrated by a login attempt for an LDAP account when nsswitch.conf does not specify LDAP for passwd information.

Date published : 2008-08-13

http://www.securityfocus.com/bid/30666

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01525562

CVE-2008-1668

Similar

Recent Posts

Categories

CVE-2008-1668

Share this:

Similar

Recent Posts

Categories

Tags