CVE-2011-0988

pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.4 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
VendorProductVersion
pureftpdpure-ftpd
1.0.22
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pure-ftpd
bullseye
1.0.49-4.1
fixed
bookworm
1.0.50-2.1
fixed
sid
1.0.50-2.2
fixed
trixie
1.0.50-2.2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pure-ftpd
maverick
not-affected
lucid
not-affected
karmic
not-affected
hardy
not-affected
dapper
not-affected
Common Weakness Enumeration
References
http://secunia.com/advisories/44039
https://exchange.xforce.ibmcloud.com/vulnerabilities/66618
https://hermes.opensuse.org/messages/7849430
http://secunia.com/advisories/44039
https://exchange.xforce.ibmcloud.com/vulnerabilities/66618
https://hermes.opensuse.org/messages/7849430