VID | 16128
Severity | 40
Port | 21
Protocol | TCP
Class | FTP
Detailed Description |
The ProFTPD FTP server is vulnerable to a security-restriction bypass in the Auth API. In ProFTPD versions 1.2.x and 1.3.x prior to 2007/04/17, an error in the way the Auth API uses authentication data provided by simultaneous modules could allow a remote attacker to bypass certain security restrictions and potentially gain unauthorized access to certain resources if authentication modules are configured with different policies.
* References:
  * http://bugs.proftpd.org/show_bug.cgi?id=2922
  * http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419255
  * http://www.frsirt.com/english/advisories/2007/1444
  * http://securitytracker.com/id?1017931
  * http://secunia.com/advisories/24867
* Platforms Affected:
  * ProFTPD Project, ProFTPD versions 1.2.x and 1.3.x prior to 20070417
  * Linux: Any version
  * Unix: Any version
Recommendation |
Upgrade to the latest version of ProFTPD (1.3.x 2007/04/17 or later), available from the ProFTPD Web site at http://www.proftpd.org/ |
Related URL | CVE-2007-2165 (CVE)
Related URL | 23546 (SecurityFocus)
Related URL | (ISS)