PT-2011-2796 · Pure Ftpd · Pure-Ftpd
Published
2011-04-18
·
Updated
2017-08-17
·
CVE-2011-0988
CVSS v2.0
4.4
Medium
| Vector | AV:L/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
pure-ftpd version 1.0.22
Description
The issue allows local users to gain privileges by overwriting arbitrary files due to the creation of a world-writeable directory when running OES Netware extensions.
Recommendations
For pure-ftpd version 1.0.22, consider restricting write access to the directory created by pure-ftpd to prevent local users from overwriting arbitrary files until a patch is available.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pure-Ftpd