SB20240823115 - Incorrect permission assignment for critical resource in Froxlor




Published: August 23, 2024
Updated: April 27, 2026

Security Bulletin ID: SB20240823115
CSH Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Code execution

Breakdown by Severity

Low: 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Incorrect permission assignment for critical resource (CVE-ID: N/A)

The vulnerability allows a local user to disclose sensitive information and potentially escalate privileges.

The vulnerability exists due to incorrect permission assignment for a critical resource in /etc/pure-ftpd/db/mysql.conf when generating configuration files for pure-ftpd. A local user can read the world-readable file to disclose sensitive information and potentially escalate privileges.

Only instances configured to use pure-ftpd are vulnerable. The issue can be exploited by unprivileged users with command or code execution access on the system, including virtual users able to run uploaded PHP scripts or other CGI programs.


Remediation

Install the update from the vendor's website.
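
A defensive check for the condition described above, added here as an example and not taken from the bulletin or from Froxlor: it reports whether the file named in the bulletin grants any access to "other" and can strip those bits. The function names and the use of `chmod o-rwx` are assumptions; the vendor's update may set a different mode.

```shell
#!/bin/sh
# Added example (not vendor code): audit a config file for "other" access.
# The default path is the one named in the bulletin; pass another to override.
CONF_DEFAULT=/etc/pure-ftpd/db/mysql.conf

# world_bits FILE: print which of r/w/x are granted to "other" (empty if none).
# find -L tests the link target, so a symlink's own 0777 mode is not misread.
world_bits() {
    _wf=$1
    _wb=""
    if [ -n "$(find -L "$_wf" -prune -perm -004 2>/dev/null)" ]; then _wb="${_wb}r"; fi
    if [ -n "$(find -L "$_wf" -prune -perm -002 2>/dev/null)" ]; then _wb="${_wb}w"; fi
    if [ -n "$(find -L "$_wf" -prune -perm -001 2>/dev/null)" ]; then _wb="${_wb}x"; fi
    printf '%s' "$_wb"
}

# audit_conf [FILE]: return 0 = not exposed, 1 = exposed, 2 = file absent.
audit_conf() {
    _af=${1:-$CONF_DEFAULT}
    if [ ! -e "$_af" ]; then
        echo "SKIP    $_af: not present (pure-ftpd may not be configured)"
        return 2
    fi
    _ab=$(world_bits "$_af")
    if [ -n "$_ab" ]; then
        echo "EXPOSED $_af: other has '$_ab'"
        return 1
    fi
    echo "OK      $_af: no access for other"
    return 0
}

# harden_conf FILE: remove every permission bit for "other" (assumed mitigation;
# owner and group bits are left as they are).
harden_conf() {
    chmod o-rwx "$1"
}

# Stand-alone run: audit the given path or the default and report the status.
audit_conf "${1:-$CONF_DEFAULT}" || echo "audit status: $?"
```

An unpatched installation may recreate the file with the old mode the next time it generates the pure-ftpd configuration, so the check complements the vendor update rather than replacing it.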