Gentoo Linux Security Advisory GLSA 200611-05:02 - The original fix for Netkit FTP server introduced a new vulnerability allowing the listing of any arbitrary directory with root group permissions due to a typo in the setgid() call. New fixed packages are available. Also, this update adds a second CVE reference which was not originally mentioned while it was covered by the original fix. Versions less than 0.17-r5 are affected.
67fd8e0046ba330ab4a4490a40167c059b22d287ab6505f1baffca55105ec92b
Debian Security Advisory 1217-1 - Paul Szabo discovered that the netkit ftp server switches the user id too late, which may lead to the bypass of access restrictions when running on NFS. This update also adds return value checks to setuid() calls, which may fail in some PAM configurations.
876216d28ca2491cadd58471692fd3f0533c8535fcc5e4734fc2054bb5c2610f