CVE-2024-48651

Publication date 29 November 2024

Last updated 3 December 2024


Ubuntu priority

In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql.

Read the notes from the security team

Status

Package Ubuntu Release Status
proftpd-dfsg 24.10 oracular
Vulnerable
24.04 LTS noble
Vulnerable
22.04 LTS jammy
Vulnerable
20.04 LTS focal
Not affected
18.04 LTS bionic
Not affected
16.04 LTS xenial
Not affected

Notes


eslerm

not introduced until v1.3.7 with 678696c8db9fb8e33d444be8f59ea88b419b13ae