In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql.
{ "vanir_signatures": [ { "deprecated": false, "source": "https://github.com/proftpd/proftpd/commit/cec01cc0a2523453e5da5a486bc6d977c3768db1", "target": { "file": "src/auth.c" }, "digest": { "line_hashes": [ "241826480125719508170331703112517546782", "83038903423867946056526867307522736168", "329242786179123763484665696963553920530", "136598311252058349769192104775603423345", "4289333976649283761296570363669672240", "214097130631858452644417131628581964209", "135993045477909499629858457941540788582", "233664117571097207714333893254907167263", "42662693253802801550936790773518592054", "254847784116696712838160626074616474854", "24647064842941430170908643336696081462", "320084414010630237395206390352537366100", "236878984579876450464159951347386418163", "163811401541803634792216492889654514554", "260818850143139079995934862484232771182", "77905896671089196448889247168445624854", "121149393972726395558091033446130653824", "54500582070541384263967646210336262735", "131728512189978376222418837695839594361", "316802008808663806618127403106554385075", "243146828352849708218636746920617873646" ], "threshold": 0.9 }, "id": "CVE-2024-48651-06026400", "signature_version": "v1", "signature_type": "Line" }, { "deprecated": false, "source": "https://github.com/proftpd/proftpd/commit/cec01cc0a2523453e5da5a486bc6d977c3768db1", "target": { "file": "contrib/mod_sftp/auth.c" }, "digest": { "line_hashes": [ "56711568699791777063010077034350926923", "244336609763366538744953431043328362254", "121005404154955508441328300741457047693", "233539956001220427180733958826712618910", "314908408910608316195033920154335458915", "250948074795593264913477840512256710153" ], "threshold": 0.9 }, "id": "CVE-2024-48651-75a7e17c", "signature_version": "v1", "signature_type": "Line" }, { "deprecated": false, "source": "https://github.com/proftpd/proftpd/commit/cec01cc0a2523453e5da5a486bc6d977c3768db1", "target": { "function": "setup_env", "file": "modules/mod_auth.c" }, "digest": { "function_hash": "187034407946730235899894532939015682716", "length": 19246.0 }, "id": "CVE-2024-48651-77b5f603", "signature_version": "v1", "signature_type": "Function" }, { "deprecated": false, "source": "https://github.com/proftpd/proftpd/commit/cec01cc0a2523453e5da5a486bc6d977c3768db1", "target": { "file": "modules/mod_auth.c" }, "digest": { "line_hashes": [ "181464189053819092841469814985425621500", "334872106466614068527349446077542405070", "196032808652393326460944060646460829150", "39578959533843600226953819164894945836", "33720135756503817538998337696406887804", "264462616318780923595180723788196630357", "46140058366325920564606130846525933042", "175582859461736681225681752098539060300", "231728410306602372778186671967766588362", "96541821314016273967809128432727004028" ], "threshold": 0.9 }, "id": "CVE-2024-48651-8a04e39f", "signature_version": "v1", "signature_type": "Line" }, { "deprecated": false, "source": "https://github.com/proftpd/proftpd/commit/cec01cc0a2523453e5da5a486bc6d977c3768db1", "target": { "function": "setup_env", "file": "contrib/mod_sftp/auth.c" }, "digest": { "function_hash": "153327724525144796053422275410370040632", "length": 8986.0 }, "id": "CVE-2024-48651-953eec8c", "signature_version": "v1", "signature_type": "Function" }, { "deprecated": false, "source": "https://github.com/proftpd/proftpd/commit/cec01cc0a2523453e5da5a486bc6d977c3768db1", "target": { "function": "pr_auth_getgroups", "file": "src/auth.c" }, "digest": { "function_hash": "260082419041335454373305522463553736706", "length": 1517.0 }, "id": "CVE-2024-48651-997f0c07", "signature_version": "v1", "signature_type": "Function" } ] }