postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended.
Link | Tags |
---|---|
http://www.debian.org/security/2001/dsa-032 | patch vendor advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/6208 | vdb entry |