FreeBSD : wu-ftpd ftpaccess `restricted-uid'/`restricted-gid' directive may be bypassed (3b7c7f6c-7102-11d8-873f-0020ed76ef5a)
High Nessus Plugin ID 37480
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionGlenn Stewart reports a bug in wu-ftpd's ftpaccess `restricted-uid'/`restricted-gid' directives :
Users can get around the restriction to their home directory by issuing a simple chmod command on their home directory. On the next ftp log in, the user will have '/' as their root directory.
Matt Zimmerman discovered that the cause of the bug was a missing check for a restricted user within a code path that is executed only when a certain error is encountered.
SolutionUpdate the affected packages.