PT-2007-3507 · Proftpd · Proftpd

Published

2007-04-22

Updated

2017-07-29

CVE-2007-2165

CVSS v2.0

5.1

Medium

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions ProFTPD versions prior to 20070417

Description The issue allows remote attackers to bypass authentication when multiple simultaneous authentication modules are configured in the Auth API. This is because the module checking authentication does not have to be the same as the module retrieving authentication data. For example, using SQLAuthTypes Plaintext in mod sql with data retrieved from /etc/passwd can demonstrate this issue.

Recommendations For ProFTPD versions prior to 20070417, update to a version released after 20070417 to resolve the issue. As a temporary workaround, consider restricting the use of multiple simultaneous authentication modules to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-2165

Affected Products

Proftpd

PT-2007-3507 · Proftpd · Proftpd

CVE-2007-2165

Related Identifiers

Affected Products

References · 19