Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2004-0432
Last Modified 10 Sep 2008 03:26:22
Published 18 Aug 2004 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0432

Summary

ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR-based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions.

Vulnerable Systems

Operating System

  • Gentoo Linux 0.5

  • Gentoo Linux 0.7

  • Gentoo Linux 1.1a

  • Gentoo Linux 1.2

  • Gentoo Linux 1.4

  • Trustix Secure Linux 2.0

  • Trustix Secure Linux 2.1

Application

  • Proftpd Project Proftpd 1.2.9


References

BID - 10252

XF - proftpd-cidr-acl-bypass(16038)

SECUNIA - 11527

TRUSTIX - 2004-0025

CONFIRM - http://bugs.proftpd.org/show_bug.cgi?id=2267

MANDRAKE - MDKSA-2004:041

BUGTRAQ - 20040430 [OpenPKG-SA-2004.018] OpenPKG Security Advisory (proftpd)


Last Updated: 27 May 2016 10:38:36