CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
10.1%
Glenn Stewart reports a bug in wu-ftpd’s ftpaccess
restricted-uid'/
restricted-gid’ directives:
Users can get around the restriction to their home
directory by issuing a simple chmod command on their home
directory. On the next ftp log in, the user will have ‘/’
as their root directory.
Matt Zimmerman discovered that the cause of the bug was a
missing check for a restricted user within a code path that
is executed only when a certain error is encountered.