CVE-2008-1668
ftpd.c in 1 wu-ftpd 2.4.2 and 2 ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations in which PAM authentication can succeed even though no passwd entry is available for a user, which allows remote attackers to gain privileges, as demonstrated by ...