[Bug 237533] New: CVE-2007-2165: proftpd auth bypass vulnerability
bugzilla at redhat.com
bugzilla at redhat.com
Mon Apr 23 17:49:22 UTC 2007
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237533
Summary: CVE-2007-2165: proftpd auth bypass vulnerability
Product: Fedora Extras
Version: fc6
Platform: All
OS/Version: Linux
Status: NEW
Severity: high
Priority: high
Component: proftpd
AssignedTo: matthias at rpmforge.net
ReportedBy: ville.skytta at iki.fi
QAContact: extras-qa at fedoraproject.org
CC: fedora-security-list at redhat.com
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2165
http://bugs.proftpd.org/show_bug.cgi?id=2922
"The Auth API in ProFTPD before 20070417, when multiple simultaneous
authentication modules are configured, does not require that the module that
checks authentication is the same as the module that retrieves authentication
data, which might allow remote attackers to bypass authentication, as
demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved
from /etc/passwd."
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
More information about the security
mailing list