CVE-2006-7094

Current Description

ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bin/ls, which allows remote authenticated users to list arbitrary directories with the privileges of gid 0 and possibly enable additional attack vectors.

Basic Data

PublishedMarch 02, 2007
Last ModifiedOctober 16, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:M/Au:S/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationSINGLE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score8.5
SeverityHIGH
Exploitability Score6.8
Impact Score10.0
Obtain All Privilegetrue
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSGentooLinux********
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3ApplicationFtpdFtpd********
  • AND
    • OR - Configuration 2
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSDebianDebian Linux4.0*******
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3ApplicationFtpdFtpd********

Vulnerable Software List

VendorProductVersions
Ftpd Ftpd *

References

NameSourceURLTags
http://bugs.debian.org/384454http://bugs.debian.org/384454CONFIRM
http://bugs.gentoo.org/show_bug.cgi?id=155317http://bugs.gentoo.org/show_bug.cgi?id=155317CONFIRMPatch
34242http://osvdb.org/34242OSVDB
http://packages.qa.debian.org/l/linux-ftpd/news/20061125T181702Z.htmlhttp://packages.qa.debian.org/l/linux-ftpd/news/20061125T181702Z.htmlCONFIRM
2330http://securityreason.com/securityalert/2330SREASON
20070220 /bin/ls with gid=0 in Debian linux-ftpdhttp://www.securityfocus.com/archive/1/460742/100/0/threadedBUGTRAQ