Lucene search
MitreCVE-2006-7094HistoryMar 02, 2007 - 9:18 p.m.
CVE-2006-7094
2007-03-0221:18:00
mitre
web.nvd.nist.gov
22
cve-2006-7094
ftpd
gentoo
debian
linux
security vulnerability
nvd
CVSS2
8.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
AI Score
6.5
Confidence
Low
EPSS
0.005
Percentile
76.4%
ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bin/ls, which allows remote authenticated users to list arbitrary directories with the privileges of gid 0 and possibly enable additional attack vectors.
Affected configurations
Node
gentoolinux
ftpdftpd
Node
debiandebian_linuxMatch4.0
ftpdftpd
Related
debiancve
debiancve
CVE-2006-7094
2007-03-02 21:18:00
ubuntucve
ubuntucve
CVE-2006-7094
2007-03-02 00:00:00
nvd
nvd
CVE-2006-7094
2007-03-02 21:18:00
cvelist
cvelist
CVE-2006-7094
2007-02-28 15:00:00
CVSS2
8.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
AI Score
6.5
Confidence
Low
EPSS
0.005
Percentile
76.4%
Related for CVE-2006-7094