Lucene search

FreeBSDC28F4705-043F-11DA-BC08-0001020EED82

HistoryJul 26, 2005 - 12:00 a.m.

proftpd -- format string vulnerabilities

2005-07-2600:00:00

vuxml.freebsd.org

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.004 Low

EPSS

Percentile

74.0%

JSON

The ProFTPD release notes states:

sean <infamous42md at hotpop.com> found two format
string vulnerabilities, one in mod_sql’s SQLShowInfo
directive, and one involving the ‘ftpshut’ utility. Both
can be considered low risk, as they require active
involvement on the part of the site administrator in order
to be exploited.

These vulnerabilities could potentially lead to information
disclosure, a denial-of-server situation, or execution of
arbitrary code with the permissions of the user running
ProFTPD.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchproftpd< 1.3.0.rc2UNKNOWN
FreeBSDanynoarchproftpd-mysql< 1.3.0.rc2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	proftpd	< 1.3.0.rc2	UNKNOWN
FreeBSD	any	noarch	proftpd-mysql	< 1.3.0.rc2	UNKNOWN

References

www.gentoo.org/security/en/glsa/glsa-200508-02.xml

www.proftpd.org/docs/RELEASE_NOTES-1.3.0rc2

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.004 Low

EPSS

Percentile

74.0%

JSON

Related for C28F4705-043F-11DA-BC08-0001020EED82