CVE-2011-0988

pure-ftpd 1.0.22 - Privilege Escalation via World-Writable Directory

Title source: llm
STIX 2.1

Description

pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors.

References (3)

Core 3
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/44039
Various Sources vendor-advisory x_refsource_suse
https://hermes.opensuse.org/messages/7849430
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/66618

Scores

EPSS 0.0003
EPSS Percentile 8.5%

Details

CWE
CWE-264
Status published
Products (3)
novell/suse_linux 10 sp3 (2 CPE variants)
novell/suse_linux 11 sp3 (2 CPE variants)
pureftpd/pure-ftpd 1.0.22
Published Apr 18, 2011
Tracked Since Feb 18, 2026