Gentoo Linux Security Advisory GLSA 200611-05:02 - The original fix for Netkit FTP server introduced a new vulnerability allowing the listing of any arbitrary directory with root group permissions due to a typo in the setgid() call. New fixed packages are available. Also, this update adds a second CVE reference which was not originally mentioned while it was covered by the original fix. Versions less than 0.17-r5 are affected.
67fd8e0046ba330ab4a4490a40167c059b22d287ab6505f1baffca55105ec92bDebian Security Advisory 1217-1 - Paul Szabo discovered that the netkit ftp server switches the user id too late, which may lead to the bypass of access restrictions when running on NFS. This update also adds return value checks to setuid() calls, which may fail in some PAM configurations.
876216d28ca2491cadd58471692fd3f0533c8535fcc5e4734fc2054bb5c2610f
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed