CVE-2008-1668: HP Hp-ux vulnerability

CWE-264 | 4 documents | 4 sources
Severity
10.0 CRITICAL (NVD)
EPSS
3.1%
top 13.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Aug 13
Latest update: May 1

Description

ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations in which PAM authentication can succeed even though no passwd entry is available for a user, which allows remote attackers to gain privileges, as demonstrated by a login attempt for an LDAP account when nsswitch.conf does not specify LDAP for passwd information.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages: 1 package

NVD: hp/hp-ux 11.11

🔴Vulnerability Details

2
GHSA
GHSA-55qq-jmpr-33w8: ftpd (2022-05-01)
CVEList
CVE-2008-1668: ftpd (2008-08-13)

📋Vendor Advisories

1
Red Hat
CVE-2008-1668: ftpd