CyberSec.Space Logo
Back to CVE Browser

CVE-2006-7094

HIGH
8.5
CVSS Severity Score
EPSS Score0.1030%
EPSS Percentile40.94th
PublishedMar 2, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bin/ls, which allows remote authenticated users to list arbitrary directories with the privileges of gid 0 and possibly enable additional attack vectors.

Affected Platforms (CPE)

πŸ“¦
Ftpd

Ftpd

All versions

References & Advisories

πŸ”— http://bugs.debian.org/384454
πŸ”— http://bugs.gentoo.org/show_bug.cgi?id=155317
πŸ”— http://osvdb.org/34242
πŸ”— http://packages.qa.debian.org/l/linux-ftpd/news/20061125T181702Z.html
πŸ”— http://securityreason.com/securityalert/2330
πŸ”— http://www.securityfocus.com/archive/1/460742/100/0/threaded
πŸ”— http://bugs.debian.org/384454
πŸ”— http://bugs.gentoo.org/show_bug.cgi?id=155317

Related Vulnerabilities

CVE-1999-036810.0

Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.

CVE-1999-008210.0

CWD ~root command in ftpd allows root access.

CVE-1999-066110.0

A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP...

CVE-1999-087810.0

Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR.