Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2001-0456
HistoryJun 27, 2001 - 4:00 a.m.

CVE-2001-0456

2001-06-2704:00:00
NVD-CWE-Other
[email protected]
web.nvd.nist.gov
28
cve-2001-0456
debian 2.2
proftpd
postinst script
uid/gid root
anonymous access
nvd

6.7 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.029 Low

EPSS

Percentile

90.6%

JSON

postinst installation script for Proftpd in Debian 2.2 does not properly change the “run as uid/gid root” configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended.

Related

openvas 2
nessus 2
openvas
openvas
Debian Security Advisory DSA 032-1 (proftpd)
2008-01-17 00:00:00
Debian Security Advisory DSA 032-1 (proftpd)
2008-01-17 00:00:00
nessus
nessus
Debian DSA-032-1 : proftpd - proftpd running with incorrect userid, erroneous file removal
2004-09-29 00:00:00
ProFTPD on Debian Linux postinst Installation Privilege Escalation
2003-03-23 00:00:00

6.7 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.029 Low

EPSS

Percentile

90.6%

JSON
Related for CVE-2001-0456
openvas2nessus2