Main Vulnerability Database SB2024121154

SB2024121154 - Debian update for proftpd-dfsg

Published: December 11, 2024

Security Bulletin ID SB2024121154

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper privilege management (CVE-ID: CVE-2024-48651)

The vulnerability allows a remote user to compromise the affected system.

The vulnerability exists due to improper privilege management when handling users without assigned supplementary groups. If the user has no groups assigned to their account, the server will assume the GID of 0 for this account. As a result, the user will gain access to files and directories owned by the system root user and will be able to modify them at will, leading to privilege escalation and system compromise.

Remediation

Install update from vendor's website.

References

https://lists.debian.org/debian-security-announce/2024/msg00243.html