World-writeable directory vulnerability in pure-ftpd 1.0.22 on SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions

World-writeable directory vulnerability in pure-ftpd 1.0.22 on SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions

CVE-2011-0988 · MEDIUM Severity

AV:L/AC:M/AU:N/C:P/I:P/A:P

pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors.

Learn more about our Cis Benchmark Audit For Desktop Software.