CVE-2011-0988

CWE-2644 documents4 sources
Severity
4.4MEDIUM
EPSS
0.0%
top 91.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Novell Suse LinuxPureftpd Pure-ftpd
Timeline
PublishedApr 18
Latest updateMay 17

Description

pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages2 packages

ā–¶NVDnovell/suse_linux10, 11+1
ā–¶NVDpureftpd/pure-ftpd1.0.22

šŸ”“Vulnerability Details

2
GHSA
GHSA-fcmr-8hmm-9f43: pure-ftpd 1ā†—2022-05-17
ā–¶
CVEList
CVE-2011-0988: pure-ftpd 1ā†—2011-04-18
ā–¶

šŸ“‹Vendor Advisories

1
Debian
CVE-2011-0988: pure-ftpd - pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and En...ā†—2011
ā–¶
CVE-2011-0988 (MEDIUM CVSS 4.4) | pure-ftpd 1.0.22 | cvebase.io