5.1

CVE-2007-2165

EPSS 2.49%
Veröffentlicht 22.04.2007 19:19:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 16

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Proftpd Project ≫ Proftpd Version <= 1.3.0_rc1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.49%	0.848

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.1	4.9	6.4	AV:N/AC:H/Au:N/C:P/I:P/A:P

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419255

Vendor Advisory

http://bugs.proftpd.org/show_bug.cgi?id=2922

Patch

http://osvdb.org/34602

http://secunia.com/advisories/24867

Vendor Advisory

http://secunia.com/advisories/25724

http://secunia.com/advisories/27516

http://securitytracker.com/id?1017931

Vendor Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2007:130

http://www.securityfocus.com/bid/23546

http://www.vupen.com/english/advisories/2007/1444

https://bugzilla.redhat.com/show_bug.cgi?id=237533

https://exchange.xforce.ibmcloud.com/vulnerabilities/33733

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00065.html

https://nvd.nist.gov/vuln/detail/CVE-2007-2165

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-2165

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-2165

EUVD