MNBSD-2011-3: Privilege escalation in chrooted ftpd

Severity: Unknown

Affected Package: ftpd

Summary: Privilege escalation in chrooted ftpd

Description

When ftpd is configured to place a user in a chroot(2) environment, an attacker who can log in as that user may be able to run arbitrary code with root privileges. The issue stems from the interaction between chroot and services that later reload configuration/library files. No CVE was assigned by FreeBSD for this advisory.

Affected Versions

ftpd

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases:

Published: December 23, 2011
Last Modified: December 23, 2011