VULHUB ™

A vulnerabilty has been discovered in Archimede's glftpd which may allow an unauthorized user to obtain root privileges. When adding a 'oneliner' string on the FTP server, root privileges are required to update the global FTP file 'oneliners'. It has been reported that glftpd fails to effectively drop privileges after updating the said file. Exploitation of this issue may allow an attacker to obtain an effective user identification of 'root'. It should be noted that the user would still be contained within the established FTP chroot environment.

A vulnerabilty has been discovered in Archimede's glftpd which may allow an unauthorized user to obtain root privileges. When adding a 'oneliner' string on the FTP server, root privileges are required to update the global FTP file 'oneliners'. It has been reported that glftpd fails to effectively drop privileges after updating the said file. Exploitation of this issue may allow an attacker to obtain an effective user identification of 'root'. It should be noted that the user would still be contained within the established FTP chroot environment.