Lucene search

[email protected]NVD:CVE-2004-0148

HistoryApr 15, 2004 - 4:00 a.m.

CVE-2004-0148

2004-04-1504:00:00

[email protected]

web.nvd.nist.gov

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.1

Confidence

Low

EPSS

Percentile

10.1%

JSON

wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.

Affected configurations

Nvd

Node

sgipropackMatch2.3

sgipropackMatch2.4

washington_universitywu-ftpdMatch2.4.1

washington_universitywu-ftpdMatch2.4.2_beta2academ

washington_universitywu-ftpdMatch2.4.2_beta18academ

washington_universitywu-ftpdMatch2.4.2_beta18_vr4

washington_universitywu-ftpdMatch2.4.2_beta18_vr5

washington_universitywu-ftpdMatch2.4.2_beta18_vr6

washington_universitywu-ftpdMatch2.4.2_beta18_vr7

washington_universitywu-ftpdMatch2.4.2_beta18_vr8

washington_universitywu-ftpdMatch2.4.2_beta18_vr9

washington_universitywu-ftpdMatch2.4.2_beta18_vr10

washington_universitywu-ftpdMatch2.4.2_beta18_vr11

washington_universitywu-ftpdMatch2.4.2_beta18_vr12

washington_universitywu-ftpdMatch2.4.2_beta18_vr13

washington_universitywu-ftpdMatch2.4.2_beta18_vr14

washington_universitywu-ftpdMatch2.4.2_beta18_vr15

washington_universitywu-ftpdMatch2.4.2_vr16

washington_universitywu-ftpdMatch2.4.2_vr17

washington_universitywu-ftpdMatch2.5.0

washington_universitywu-ftpdMatch2.6.0

washington_universitywu-ftpdMatch2.6.1

washington_universitywu-ftpdMatch2.6.2

VendorProductVersionCPE
sgipropack2.3cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*
sgipropack2.4cpe:2.3:a:sgi:propack:2.4:*:*:*:*:*:*:*
washington_universitywu-ftpd2.4.1cpe:2.3:a:washington_university:wu-ftpd:2.4.1:*:*:*:*:*:*:*
washington_universitywu-ftpd2.4.2_beta2cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta2:*:academ:*:*:*:*:*
washington_universitywu-ftpd2.4.2_beta18cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18:*:academ:*:*:*:*:*
washington_universitywu-ftpd2.4.2_beta18_vr4cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr4:*:*:*:*:*:*:*
washington_universitywu-ftpd2.4.2_beta18_vr5cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr5:*:*:*:*:*:*:*
washington_universitywu-ftpd2.4.2_beta18_vr6cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr6:*:*:*:*:*:*:*
washington_universitywu-ftpd2.4.2_beta18_vr7cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr7:*:*:*:*:*:*:*
washington_universitywu-ftpd2.4.2_beta18_vr8cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sgi	propack	2.3	cpe:2.3:a:sgi:propack:2.3:::::::*
sgi	propack	2.4	cpe:2.3:a:sgi:propack:2.4:::::::*
washington_university	wu-ftpd	2.4.1	cpe:2.3:a:washington_university:wu-ftpd:2.4.1:::::::*
washington_university	wu-ftpd	2.4.2_beta2	cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta2::academ:::::
washington_university	wu-ftpd	2.4.2_beta18	cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18::academ:::::
washington_university	wu-ftpd	2.4.2_beta18_vr4	cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr4:::::::*
washington_university	wu-ftpd	2.4.2_beta18_vr5	cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr5:::::::*
washington_university	wu-ftpd	2.4.2_beta18_vr6	cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr6:::::::*
washington_university	wu-ftpd	2.4.2_beta18_vr7	cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr7:::::::*
washington_university	wu-ftpd	2.4.2_beta18_vr8	cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr8:::::::*