VYPR
Unrated severityNVD Advisory· Published Aug 13, 2008· Updated Jun 16, 2026

CVE-2008-1668

CVE-2008-1668

Description

ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations in which PAM authentication can succeed even though no passwd entry is available for a user, which allows remote attackers to gain privileges, as demonstrated by a login attempt for an LDAP account when nsswitch.conf does not specify LDAP for passwd information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Microfocus/Hpux2 versions
    cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*
    • (no CPE)range: B.11.11
  • Ftpd/Ftpdllm-fuzzy
    Range: 2.4.2

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.