PT-2008-3220 · Linux+3 · Nsswitch.Conf+5

Published: 2008-08-12 · Updated: 2017-09-29 · CVE-2008-1668

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

wu-ftpd version 2.4.2
ftpd in HP HP-UX B.11.11

Description

The issue allows remote attackers to gain privileges in certain operating-system misconfigurations where PAM authentication can succeed even though no passwd entry is available for a user. This can occur when an FTP client is assigned uid 0, as demonstrated by a login attempt for an LDAP account when nsswitch.conf does not specify LDAP for passwd information.

Recommendations

For wu-ftpd version 2.4.2, ensure proper configuration of PAM authentication and nsswitch.conf to prevent unauthorized access. For ftpd in HP HP-UX B.11.11, verify that the system is correctly configured to handle LDAP accounts and passwd information to prevent privilege escalation.
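A configuration consistency check for the misconfiguration described above, added here as an example (it is not code from the advisory or from either FTP daemon). It reports when the FTP service authenticates through an LDAP PAM module while the passwd line of nsswitch.conf has no ldap source. The function names, the service name "ftp" and the sample file contents, including the module paths, are assumptions constructed for illustration.

```python
import re

def passwd_sources(nsswitch_text):
    """Sources listed on the 'passwd:' line of an nsswitch.conf, in order."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("passwd:"):
            # Drop action items such as [NOTFOUND=return]; keep source names.
            return re.sub(r"\[[^\]]*\]", " ", line[len("passwd:"):]).split()
    return []

def pam_auth_modules(pam_text, service):
    """Modules on 'auth' lines for `service`.

    Accepts pam.conf layout (service type control module) and
    pam.d layout (type control module), where the file is the service.
    """
    modules = []
    for raw in pam_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 4 and fields[0] == service and fields[1] == "auth":
            rest = fields[2:]
        elif len(fields) >= 3 and fields[0] == "auth":
            rest = fields[1:]
        else:
            continue
        if rest[0].startswith("["):  # bracketed control may contain spaces
            end = next((i for i, t in enumerate(rest) if t.endswith("]")), 0)
            rest = rest[end:]
        if len(rest) > 1:
            modules.append(rest[1])
    return modules

def ldap_auth_without_ldap_passwd(nsswitch_text, pam_text, service="ftp"):
    """True when `service` authenticates via an LDAP PAM module while the
    passwd database has no ldap source (the condition in the description)."""
    uses_ldap = any("ldap" in m.lower() for m in pam_auth_modules(pam_text, service))
    return uses_ldap and "ldap" not in passwd_sources(nsswitch_text)

# Constructed sample inputs (not taken from any real host).
PAM_CONF = """\
ftp   auth    required /usr/lib/security/libpam_ldap.1
ftp   account required /usr/lib/security/libpam_ldap.1
login auth    required /usr/lib/security/libpam_unix.1
"""
NSS_MISCONFIGURED = "passwd: files\ngroup: files ldap\n"
NSS_CONSISTENT = "passwd: files ldap\ngroup: files ldap\n"
```

On a real host, pass the contents of the system's nsswitch.conf and PAM configuration instead of the sample strings; a True result means the two files disagree in the way the description warns about.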

Fix

Weakness Enumeration

Related Identifiers

CVE-2008-1668
HPSBUX02356

Affected Products

HP-UX
LDAP
PAM
ftpd
nsswitch.conf
wu-ftpd