SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (File Transfer/Sharing)  >   ProFTPD Vendors:   ProFTPd
ProFTPD Auth API State Error May Let Remote Users Access the System in Certain Cases
SecurityTracker Alert ID:  1017931
SecurityTracker URL:  http://securitytracker.com/id/1017931
CVE Reference:   CVE-2007-2165   (Links to External Site)
Updated:  Jun 21 2007
Original Entry Date:  Apr 18 2007
Impact:   User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.3.1rc2 and prior versions
Description:   A vulnerability was reported in ProFTPD. A remote user may be able to access the target service in certain cases.

When the system is configured with multiple simultaneous authentication modules, the ProFTPD Auth API may accept user data from one module while a different module authenticates the user. If any of the auth modules have different authentication policies, this may allow the remote user to bypass authentication.

The original report is available at:

http://bugs.proftpd.org/show_bug.cgi?id=2922

Evgeni Golov reported this vulnerability.

Impact:   A remote user may be able to access the server without proper authentication credentials.
Solution:   A fix is available via CVS.
Vendor URL:  www.proftpd.org/ (Links to External Site)
Cause:   State error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   None.


 Source Message Contents

Date:  Wed, 18 Apr 2007 07:40:39 -0400
Subject:  ProFTPD


http://bugs.proftpd.org/show_bug.cgi?id=2922

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC