CVE-2006-5778 Information

Description

ftpd in linux-ftpd 0.17 and possibly other versions performs a chdir before setting the UID which allows local users to bypass intended access restrictions by redirecting their home directory to a restricted directory.

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384454 http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/049014.html http://secunia.com/advisories/22997 http://security.gentoo.org/glsa/glsa-200611-05.xml http://www.debian.org/security/2006/dsa-1217 http://www.securityfocus.com/bid/21000