CVE-2004-0148

8 documents5 sources

Severity

7.2HIGH

EPSS

0.0%

top 90.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SGI Propack Washington University Wu-ftpd

Timeline

PublishedApr 15

Latest updateApr 29

Description

wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDwashington_university/wu-ftpd21 versions+20

▶NVDsgi/propack2.3, 2.4+1

Patches

Patch: www.debian.org ↗Patch: www.redhat.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-878w-8w5v-4v3j: wu-ftpd 2↗2022-04-29

▶

CVEList

CVE-2004-0148: wu-ftpd 2↗2004-09-01

▶

📋Vendor Advisories

Red Hat

cscope: multiple buffer overflows↗2009-04-30

▶

Red Hat

security flaw↗2004-03-08

▶

💬Community

Bugzilla

CVE-2004-0148 security flaw↗2018-08-16

▶

Bugzilla

CVE-2004-2541, CVE-2009-0148 cscope: multiple buffer overflows↗2009-03-17

▶