LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

LWN.net Weekly Edition for February 2, 2012

A tempest in a toybox

LWN.net Weekly Edition for January 26, 2012

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

wu-ftpd: two vulnerabilities

Package(s):wu-ftpd CVE #(s):CAN-2004-0148 CAN-2004-0185
Created:March 9, 2004 Updated:March 10, 2004
Description: CAN-2004-0148 - Glenn Stewart discovered that users could bypass the directory access restrictions imposed by the restricted-gid option by changing the permissions on their home directory. On a subsequent login, when access to the user's home directory was denied, wu-ftpd would fall back to the root directory.

CAN-2004-0185 - A buffer overflow existed in wu-ftpd's code which deals with S/key authentication.

Alerts:
Red Hat RHSA-2004:096-01 2004-03-08
Debian DSA-457-1 2004-03-08
(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds