CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-7094

ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bin/ls, which allows remote authenticated users to list arbitrary directories with the privileges of gid 0 and possibly enable additional attack vectors.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.015

EPSS Ranking 79.9%

CVSS Severity

CVSS v2 Score 8.5

References

http://bugs.debian.org/384454
http://bugs.gentoo.org/show_bug.cgi?id=155317
http://osvdb.org/34242
http://packages.qa.debian.org/l/linux-ftpd/news/20061125T181702Z.html
http://securityreason.com/securityalert/2330
http://www.securityfocus.com/archive/1/460742/100/0/threaded
http://bugs.debian.org/384454
http://bugs.gentoo.org/show_bug.cgi?id=155317
http://osvdb.org/34242
http://packages.qa.debian.org/l/linux-ftpd/news/20061125T181702Z.html
http://securityreason.com/securityalert/2330
http://www.securityfocus.com/archive/1/460742/100/0/threaded

Products affected by CVE-2006-7094

Ftpd » Ftpd » Version: Any

cpe:2.3:a:ftpd:ftpd:*
Debian » Debian Linux » Version: 4.0

cpe:2.3:o:debian:debian_linux:4.0
Gentoo » Linux » Version: N/A

cpe:2.3:o:gentoo:linux:-
Gentoo » Linux » Version: 1.2

cpe:2.3:o:gentoo:linux:1.2
Gentoo » Linux » Version: 1.4

cpe:2.3:o:gentoo:linux:1.4
Gentoo » Linux » Version: 2.1.30

cpe:2.3:o:gentoo:linux:2.1.30
Gentoo » Linux » Version: 2.2.28

cpe:2.3:o:gentoo:linux:2.2.28
Gentoo » Linux » Version: 2.3.30

cpe:2.3:o:gentoo:linux:2.3.30

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-7094

Products

Pricing

Contact Us