New Search

HP-UX Running ftpd Remote Privileged Access

oval:org.mitre.oval:def:5971

ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations in which PAM authentication can succeed even though no passwd entry is available for a user which allows remote attackers to gain privileges as demonstrated by a login attempt for an LDAP account when nsswitch.conf does not specify LDAP for passwd information.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • HP-UX 11
Class:
vulnerability
Reference(s):
  • CVE-2008-1668
Product(s):