Full Disclosure mailing list archives
UPDATE: [ GLSA 200611-05 ] Netkit FTP Server: Privilege escalation
From: Raphael Marichez <falco () gentoo org>
Date: Tue, 13 Feb 2007 18:58:40 +0100
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory [UPDATE] GLSA 200611-05:02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Netkit FTP Server: Privilege escalation Date: November 10, 2006 Updated: February 11, 2007 Bugs: #150292 ID: 200611-05:02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Update ====== The original fix introduced a new vulnerability allowing the listing of any arbitrary directory with root group permissions due to a typo in the setgid() call. New fixed packages are available. Also, this update adds a second CVE reference which was not originally mentionned while it was covered by the original fix. Additionally, please note that the Netkit FTP Server package has been renamed from net-ftp/ftpd to net-ftp/netkit-ftpd. The updated sections appear below. Background ========== net-ftp/netkit-ftpd is the Linux Netkit FTP server with optional SSL support. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-ftp/netkit-ftpd < 0.17-r5 >= 0.17-r5 Resolution ========== All Netkit FTP Server users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-ftp/netkit-ftpd-0.17-r5" References ========== [ 1 ] CVE-2006-5778 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5778 [ 2 ] CVE-2006-6008 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6008 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200611-05.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security () gentoo org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- UPDATE: [ GLSA 200611-05 ] Netkit FTP Server: Privilege escalation Raphael Marichez (Feb 13)