Unrated severityNVD Advisory· Published Aug 13, 2008· Updated Jun 16, 2026
CVE-2008-1668
CVE-2008-1668
Description
ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations in which PAM authentication can succeed even though no passwd entry is available for a user, which allows remote attackers to gain privileges, as demonstrated by a login attempt for an LDAP account when nsswitch.conf does not specify LDAP for passwd information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*
- (no CPE)range: B.11.11
Patches
Vulnerability mechanics
References
8- secunia.com/advisories/31471nvdVendor Advisory
- www.vupen.com/english/advisories/2008/2364nvdVendor Advisory
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvd
- www.openwall.com/lists/oss-security/2008/08/20/4nvd
- www.securityfocus.com/bid/30666nvd
- www.securitytracker.com/idnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/44414nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5971nvd
News mentions
0No linked articles in our index yet.