Vulnerability in Novell Suse_linux

CVE-2011-0988

pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary file…

EPSS: 0.000 (8.6th percentile) — read the EPSS interpretation.

Affected products

Novell Suse_linux — versions 10, 11
Pureftpd Pure-ftpd — versions 1.0.22
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

44039 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
SUSE-SU-2011:0306 (vendor-advisory, x_refsource_SUSE)
sles-pureftpd-privilege-escalation(66618) (vdb-entry, x_refsource_XF)