openEuler update for proftpd

Published: 2024-12-11

Risk	High
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2024-48651
CWE-ID	CWE-269
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	openEuler Operating systems & Components / Operating system proftpd-utils Operating systems & Components / Operating system package or component proftpd-sqlite Operating systems & Components / Operating system package or component proftpd-postgresql Operating systems & Components / Operating system package or component proftpd-mysql Operating systems & Components / Operating system package or component proftpd-ldap Operating systems & Components / Operating system package or component proftpd-devel Operating systems & Components / Operating system package or component proftpd-debugsource Operating systems & Components / Operating system package or component proftpd-debuginfo Operating systems & Components / Operating system package or component proftpd Operating systems & Components / Operating system package or component
Vendor	openEuler

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Improper privilege management

EUVDB-ID: #VU101665

Risk: High

CVSSv4.0: 7.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-48651

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a remote user to compromise the affected system.

The vulnerability exists due to improper privilege management when handling users without assigned supplementary groups. If the user has no groups assigned to their account, the server will assume the GID of 0 for this account. As a result, the user will gain access to files and directories owned by the system root user and will be able to modify them at will, leading to privilege escalation and system compromise.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4 - 24.03 LTS

proftpd-utils: before 1.3.8b-3

proftpd-sqlite: before 1.3.8b-3

proftpd-postgresql: before 1.3.8b-3

proftpd-mysql: before 1.3.8b-3

proftpd-ldap: before 1.3.8b-3

proftpd-devel: before 1.3.8b-3

proftpd-debugsource: before 1.3.8b-3

proftpd-debuginfo: before 1.3.8b-3

proftpd: before 1.3.8b-3

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2508

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.