5.1

CVE-2007-2165

The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Proftpd ProjectProftpd Version <= 1.3.0_rc1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 12.52% 0.957
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.1 4.9 6.4
AV:N/AC:H/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419255
Vendor Advisory
http://bugs.proftpd.org/show_bug.cgi?id=2922
Patch
http://osvdb.org/34602
http://secunia.com/advisories/24867
Vendor Advisory
http://secunia.com/advisories/25724
http://secunia.com/advisories/27516
http://securitytracker.com/id?1017931
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:130
http://www.securityfocus.com/bid/23546
http://www.vupen.com/english/advisories/2007/1444
https://bugzilla.redhat.com/show_bug.cgi?id=237533
https://exchange.xforce.ibmcloud.com/vulnerabilities/33733
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00065.html