CVE-2011-0988

pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors.

Published: Apr 18, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-0988
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.4
AV:L/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
novell / suse_linux	10-sp3	10-sp3.x
novell / suse_linux	10-sp4	10-sp4.x
novell / suse_linux	11-sp4	11-sp4.x
pureftpd / pure-ftpd	1.0.22	1.0.22.x
novell / suse_linux	11-sp3	11-sp3.x

http://secunia.com/advisories/44039
https://exchange.xforce.ibmcloud.com/vulnerabilities/66618
https://hermes.opensuse.org/messages/7849430

Vulnerability Database

289,599

CVE-2011-0988