Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-1999-1475

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-1999-1475
Last Modified 05 Sep 2008 04:19:36
Published 19 Nov 1999 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-1999-1475

Summary

ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command.

Vulnerable Systems

Application

  • Proftpd Project Proftpd 1.2


References

BID - 812

BUGTRAQ - 19991119 ProFTPd - mod_sqlpw.c


Last Updated: 27 May 2016 10:35:26