MNBSD-2020-8: ftpd ftpchroot sandbox escape and privilege escalation

Severity: Unknown

Affected Package: ftpd

Summary: ftpd ftpchroot sandbox escape and privilege escalation

Description

A bug in ftpd(8)'s implementation of the file system sandbox, combined with capabilities available to an authenticated FTP user, could be used to escape the file system restriction configured with ftpchroot(5). Moreover, the bug allowed a malicious client to gain root privileges.

Affected Versions

ftpd

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2020-7468

Published: September 15, 2020
Last Modified: September 15, 2020