SecurityTracker.com
Category:   Application (File Transfer/Sharing)  >   ProFTPD
Vendors:   ProFTPd
ProFTPD Auth API State Error May Let Remote Users Access the System in Certain Cases
SecurityTracker Alert ID:  1017931
SecurityTracker URL:  http://securitytracker.com/id/1017931
CVE Reference:   CVE-2007-2165
Updated:  Jun 21 2007
Original Entry Date:  Apr 18 2007
Impact:   User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 1.3.1rc2 and prior versions
Description:   A vulnerability was reported in ProFTPD. A remote user may be able to access the target service in certain cases.

When the system is configured with multiple simultaneous authentication modules, the ProFTPD Auth API may accept user data from one module while a different module authenticates the user. If any of the auth modules have different authentication policies, this may allow the remote user to bypass authentication.
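The state error described above, reduced to a small model (an added example, not ProFTPD source code and not the vendor's fix): the flawed dispatcher takes user data from one module but lets any module authenticate, while the hardened one binds authentication to the module that supplied the user data. The module names, user and passwords are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of a multi-module auth dispatcher; not ProFTPD source.
 * Module names, users and passwords below are constructed for illustration. */
struct auth_module {
    const char *name;
    const char *user;      /* the one account this module knows */
    const char *password;  /* the credential under this module's policy */
};

static const struct auth_module modules[] = {
    { "mod_a", "alice", "strong-secret" },  /* supplies alice's user data */
    { "mod_b", "alice", "other-secret" },   /* same name, different policy */
};
#define NMODULES (sizeof(modules) / sizeof(modules[0]))

/* Return the index of the first module that supplies user data, or -1. */
static int lookup_user(const char *user) {
    for (size_t i = 0; i < NMODULES; i++)
        if (strcmp(modules[i].user, user) == 0) return (int)i;
    return -1;
}

static int module_check(const struct auth_module *m, const char *user, const char *pw) {
    return strcmp(m->user, user) == 0 && strcmp(m->password, pw) == 0;
}

/* Flawed: user data comes from one module, but any module may authenticate. */
int login_unbound(const char *user, const char *pw) {
    if (lookup_user(user) < 0) return 0;
    for (size_t i = 0; i < NMODULES; i++)
        if (module_check(&modules[i], user, pw)) return 1;
    return 0;
}

/* Hardened: only the module that supplied the user data may authenticate. */
int login_bound(const char *user, const char *pw) {
    int src = lookup_user(user);
    if (src < 0) return 0;
    return module_check(&modules[src], user, pw);
}

int main(void) {
    printf("unbound, mod_b credential: %d\n", login_unbound("alice", "other-secret"));
    printf("bound,   mod_b credential: %d\n", login_bound("alice", "other-secret"));
    printf("bound,   mod_a credential: %d\n", login_bound("alice", "strong-secret"));
    return 0;
}
```

In the unbound version the session carries mod_a's user data even though mod_b's policy approved the login, which is the mismatch the advisory describes.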

The original report is available at:

http://bugs.proftpd.org/show_bug.cgi?id=2922

Evgeni Golov reported this vulnerability.

Impact:   A remote user may be able to access the server without proper authentication credentials.
Solution:   A fix is available via CVS.
Vendor URL:  www.proftpd.org/
Cause:   State error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.



Copyright 2019, SecurityGlobal.net LLC