pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Pure-ftpd | Pureftpd | 1.0.22 (including) | 1.0.22 (including) |
Suse_linux | Novell | 10-sp3 (including) | 10-sp3 (including) |
Suse_linux | Novell | 10-sp4 (including) | 10-sp4 (including) |
Suse_linux | Novell | 11-sp3 (including) | 11-sp3 (including) |
Suse_linux | Novell | 11-sp4 (including) | 11-sp4 (including) |