CVE-2011-0988

Published Apr 18, 2011

Last updated 7 years ago

Overview

Description: pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.4
Impact score: 6.4
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-264

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:pureftpd:pure-ftpd:1.0.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66DC1055-CD1D-48B3-9CC4-40F42C3490A1"
          },
          {
            "criteria": "cpe:2.3:o:novell:suse_linux:10:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7BCA5CC9-72F0-46ED-A0DF-611377E2D3BD"
          },
          {
            "criteria": "cpe:2.3:o:novell:suse_linux:10:sp4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D9148F6-3E3A-42D0-B398-B069A683A6B2"
          },
          {
            "criteria": "cpe:2.3:o:novell:suse_linux:11:sp3:desktop:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C041069-C3AF-468E-9E20-55974B4B9C25"
          },
          {
            "criteria": "cpe:2.3:o:novell:suse_linux:11:sp4:desktop:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D038A9C-3B15-4E33-BD76-500927801064"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References