Description
pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors.
Affected products
- Novell / suse_linux10 – 10
- Novell / suse_linux10 – 10
- Novell / suse_linux11 – 11
- Novell / suse_linux11 – 11
- pureftpd / pure-ftpd1.0.22 – 1.0.22