PublicDate: 2007-03-02 21:18:00 UTC
Candidate: CVE-2006-7094
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7094
Description: ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bin/ls, which allows remote authenticated users to list arbitrary directories with the privileges of gid 0 and possibly enable additional attack vectors.
Ubuntu-Description:
Notes:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:
Bugs:

dapper_linux-ftpd: ignored (reached end-of-life)
edgy_linux-ftpd: needed (reached end-of-life)
feisty_linux-ftpd: released (0.17-24)
gutsy_linux-ftpd: not-affected
hardy_linux-ftpd: not-affected
intrepid_linux-ftpd: not-affected
jaunty_linux-ftpd: not-affected
karmic_linux-ftpd: not-affected
devel_linux-ftpd: not-affected
upstream_linux-ftpd: needs-triage