Google
  Web www.spinics.net

[Bug 237533] New: CVE-2007-2165: proftpd auth bypass vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.




https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237533

           Summary: CVE-2007-2165: proftpd auth bypass vulnerability
           Product: Fedora Extras
           Version: fc6
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: high
          Priority: high
         Component: proftpd
        AssignedTo: matthias@xxxxxxxxxxxx
        ReportedBy: ville.skytta@xxxxxx
         QAContact: extras-qa@xxxxxxxxxxxxxxxxx
                CC: fedora-security-list@xxxxxxxxxx


http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2165
http://bugs.proftpd.org/show_bug.cgi?id=2922

"The Auth API in ProFTPD before 20070417, when multiple simultaneous
authentication modules are configured, does not require that the module that
checks authentication is the same as the module that retrieves authentication
data, which might allow remote attackers to bypass authentication, as
demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved
from /etc/passwd."

-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

--
Fedora-security-list mailing list
Fedora-security-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-security-list

[Home]     [Fedora Legacy List]     [Fedora Maintainers]     [Fedora Desktop]     [Red Hat 9 Bible]     [Fedora Bible]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Coolkey]     [Fedora Tools]

Powered by Linux

Google
  Web www.spinics.net