CyberSec.Space Logo
返回 CVE 浏览器

CVE-2008-1668

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1460%
EPSS Percentile43.91th
Published2008年8月13日
Last Modified2026年4月23日

Vulnerability Description

ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations in which PAM authentication can succeed even though no passwd entry is available for a user, which allows remote attackers to gain privileges, as demonstrated by a login attempt for an LDAP account when nsswitch.conf does not specify LDAP for passwd information.

Affected Platforms (CPE)

💻
Hp

Hp Ux

= 11.11

References & Advisories

🔗 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01525562
🔗 http://secunia.com/advisories/31471
🔗 http://www.openwall.com/lists/oss-security/2008/08/20/4
🔗 http://www.securityfocus.com/bid/30666
🔗 http://www.securitytracker.com/id?1020682
🔗 http://www.vupen.com/english/advisories/2008/2364
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/44414
🔗 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5971

相关漏洞威胁

CVE-2008-034410.0

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote a...

CVE-2008-034310.0

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 has u...

CVE-2008-461510.0

Unspecified vulnerability in i_utils.asp in PortalApp before 4.01a has unknown impact and attack vectors.

CVE-2008-034510.0

Unspecified vulnerability in the Core RDBMS component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, ak...

CVE-2008-1668 Detail & Impact Analysis | CVSS 10.0 (CRITICAL) | Cyber-Sec.Space | Cyber-Sec.Space