In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql.
[
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"241826480125719508170331703112517546782",
"83038903423867946056526867307522736168",
"329242786179123763484665696963553920530",
"136598311252058349769192104775603423345",
"4289333976649283761296570363669672240",
"214097130631858452644417131628581964209",
"135993045477909499629858457941540788582",
"233664117571097207714333893254907167263",
"42662693253802801550936790773518592054",
"254847784116696712838160626074616474854",
"24647064842941430170908643336696081462",
"320084414010630237395206390352537366100",
"236878984579876450464159951347386418163",
"163811401541803634792216492889654514554",
"260818850143139079995934862484232771182",
"77905896671089196448889247168445624854",
"121149393972726395558091033446130653824",
"54500582070541384263967646210336262735",
"131728512189978376222418837695839594361",
"316802008808663806618127403106554385075",
"243146828352849708218636746920617873646"
]
},
"target": {
"file": "src/auth.c"
},
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/proftpd/proftpd/commit/cec01cc0a2523453e5da5a486bc6d977c3768db1",
"id": "CVE-2024-48651-06026400"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"56711568699791777063010077034350926923",
"244336609763366538744953431043328362254",
"121005404154955508441328300741457047693",
"233539956001220427180733958826712618910",
"314908408910608316195033920154335458915",
"250948074795593264913477840512256710153"
]
},
"target": {
"file": "contrib/mod_sftp/auth.c"
},
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/proftpd/proftpd/commit/cec01cc0a2523453e5da5a486bc6d977c3768db1",
"id": "CVE-2024-48651-75a7e17c"
},
{
"digest": {
"length": 19246.0,
"function_hash": "187034407946730235899894532939015682716"
},
"target": {
"function": "setup_env",
"file": "modules/mod_auth.c"
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/proftpd/proftpd/commit/cec01cc0a2523453e5da5a486bc6d977c3768db1",
"id": "CVE-2024-48651-77b5f603"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"181464189053819092841469814985425621500",
"334872106466614068527349446077542405070",
"196032808652393326460944060646460829150",
"39578959533843600226953819164894945836",
"33720135756503817538998337696406887804",
"264462616318780923595180723788196630357",
"46140058366325920564606130846525933042",
"175582859461736681225681752098539060300",
"231728410306602372778186671967766588362",
"96541821314016273967809128432727004028"
]
},
"target": {
"file": "modules/mod_auth.c"
},
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/proftpd/proftpd/commit/cec01cc0a2523453e5da5a486bc6d977c3768db1",
"id": "CVE-2024-48651-8a04e39f"
},
{
"digest": {
"length": 8986.0,
"function_hash": "153327724525144796053422275410370040632"
},
"target": {
"function": "setup_env",
"file": "contrib/mod_sftp/auth.c"
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/proftpd/proftpd/commit/cec01cc0a2523453e5da5a486bc6d977c3768db1",
"id": "CVE-2024-48651-953eec8c"
},
{
"digest": {
"length": 1517.0,
"function_hash": "260082419041335454373305522463553736706"
},
"target": {
"function": "pr_auth_getgroups",
"file": "src/auth.c"
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/proftpd/proftpd/commit/cec01cc0a2523453e5da5a486bc6d977c3768db1",
"id": "CVE-2024-48651-997f0c07"
}
]