CVE-2006-6008

high

Description

ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different vulnerability than CVE-2006-5778.

References

http://www.gentoo.org/security/en/glsa/glsa-200611-05.xml

http://secunia.com/advisories/22853

http://secunia.com/advisories/22816

http://ftp.debian.org/debian/pool/main/l/linux-ftpd/linux-ftpd_0.17-22.diff.gz

http://bugs.gentoo.org/show_bug.cgi?id=150292

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384454

Details

Source: Mitre, NVD

Published: 2006-11-21

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.01099