CyberSec.Space Logo
Back to CVE Browser

CVE-2008-1668

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1460%
EPSS Percentile43.91th
PublishedAug 13, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations in which PAM authentication can succeed even though no passwd entry is available for a user, which allows remote attackers to gain privileges, as demonstrated by a login attempt for an LDAP account when nsswitch.conf does not specify LDAP for passwd information.

Affected Platforms (CPE)

πŸ’»
Hp

Hp Ux

= 11.11

References & Advisories

πŸ”— http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01525562
πŸ”— http://secunia.com/advisories/31471
πŸ”— http://www.openwall.com/lists/oss-security/2008/08/20/4
πŸ”— http://www.securityfocus.com/bid/30666
πŸ”— http://www.securitytracker.com/id?1020682
πŸ”— http://www.vupen.com/english/advisories/2008/2364
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/44414
πŸ”— https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5971

Related Vulnerabilities

CVE-2008-034510.0

Unspecified vulnerability in the Core RDBMS component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, ak...

CVE-2008-034810.0

Multiple unspecified vulnerabilities in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.2...

CVE-2008-034410.0

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote a...

CVE-2008-034910.0

Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.15 and 8....