CVE-2008-1668
Published: Aug 13, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations in which PAM authentication can succeed even though no passwd entry is available for a user, which allows remote attackers to gain privileges, as demonstrated by a login attempt for an LDAP account when nsswitch.conf does not specify LDAP for passwd information.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| 1020682 | vdb-entry, x_refsource_SECTRACK |
| ADV-2008-2364 | vdb-entry, x_refsource_VUPEN |
| HPSBUX02356 | vendor-advisory, x_refsource_HP |
| 30666 | vdb-entry, x_refsource_BID |
| [oss-security] 20080820 FW: CVE-2008-1668 - ftpd 2.4 - unauthorized root access - patch details | mailing-list, x_refsource_MLIST |
| oval:org.mitre.oval:def:5971 | vdb-entry, signature, x_refsource_OVAL |
| hpux-ftpd-security-bypass(44414) | vdb-entry, x_refsource_XF |
| 31471 | third-party-advisory, x_refsource_SECUNIA |
| SSRT080051 | vendor-advisory, x_refsource_HP |