Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1500

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2001-1500
Last Modified 07 Mar 2011 09:07:26
Published 31 Dec 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1500

Summary

ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged.

Vulnerable Systems

Application

  • Proftpd Project Proftpd 1.2

  • Proftpd Project Proftpd 1.2 Pre1

  • Proftpd Project Proftpd 1.2 Pre10

  • Proftpd Project Proftpd 1.2 Pre11

  • Proftpd Project Proftpd 1.2 Pre2

  • Proftpd Project Proftpd 1.2 Pre3

  • Proftpd Project Proftpd 1.2 Pre4

  • Proftpd Project Proftpd 1.2 Pre5

  • Proftpd Project Proftpd 1.2 Pre6

  • Proftpd Project Proftpd 1.2 Pre7

  • Proftpd Project Proftpd 1.2 Pre8

  • Proftpd Project Proftpd 1.2 Pre9

  • Proftpd Project Proftpd 1.2.0 Rc3

  • Proftpd Project Proftpd 1.2.1

  • Proftpd Project Proftpd 1.2.2

  • Proftpd Project Proftpd 1.2.2 Rc1

  • Proftpd Project Proftpd 1.2.2 Rc2


References

BID - 3310

XF - proftpd-unresolved-hostname(7126)

BUGTRAQ - 20010907 ProFTPd and reverse DNS

CONECTIVA - CLA-2002:450

MANDRAKE - MDKSA-2002:005


Last Updated: 27 May 2016 10:36:42