DSA-1925-1 proftpd-dfsg - SSL certificate verification weakness
Bulletin has no description...
CVE-2009-3639
The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended...
Design/Logic Flaw
The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended...
DEBIAN-CVE-2009-3639
The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended...
CVE-2009-3639
Technical details about CVE-2009-3639 are not provided in the connected documents; no affected products, versions, or fixes are specified here. Monitor for updates.
Mandrake Security Advisory MDVSA-2009:288 (proftpd)
The remote host is missing an update to proftpd announced via advisory MDVSA-2009:288. OpenVAS Vulnerability Test $Id: mdksa2009288.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:288 proftpd Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft...
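ProFTPD mod_tls module CA SSL certificate verification vulnerability
BUGTRAQ ID: 36804 CVE ID: CVE-2009-3639 ProFTPD is an open-source FTP server. ProFTPD's mod_tls module does not correctly handle a null character (\0) in the domain name in the Subject Common Name (CN) field of an X.509 certificate; when processing a certificate field that contains a null character, it wrongly treats the null character as a terminator and therefore validates only the part before it. For example, for a name like the following: example.com\0.haxx.se the certificate was issued to haxx.se, but the mod_tls module wrongly validates it as example.com, which helps an attacker carry out spoofing such as phishing through a man-in-the-middle attack. A server is affected by this vulnerability only if the following mod_tls configuration conditions are met:...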
Mandrake Security Advisory MDVSA-2009:288 (proftpd)
The remote host is missing an update to proftpd announced via advisory MDVSA-2009:288. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only OR...
Mandriva Linux Security Advisory : proftpd (MDVSA-2009:288)
A vulnerability has been identified and corrected in proftpd: The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client...
ProFTPD < 1.3.2b, 1.3.3 - 1.3.3.rc1 SSL Certificate Validation Bypass Vulnerability
ProFTPD is prone to a security bypass vulnerability because the application fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might b...
ProFTPd 1.3.0 (OpenSUSE) - 'mod_ctrls' Local Stack Overflow
#!/usr/bin/perl -w Exploit for the ProFTPd mod_ctrls vulnerability. Stack overflow in function int pr_ctrls_recv_request(pr_ctrls_cl_t *cl): unchecked buffer for arguments of the module. Connects to the unix domain socket and sends a string that is longer than the buffer (char[512]). Cheers to Alfredo "revenge"...
ProFTPd 1.3.0 mod_ctrls Local Stack Overflow (opensuse)
Exploit for unknown platform in category local exploits. Title: ProFTPd 1.3.0 mod_ctrls Local Stack Overflow (opensuse) CVE-ID: OSVDB-ID...
ProFTPd 1.3.0 (OpenSUSE) - mod_ctrls Local Stack Overflow
ProFTPd 1.3.0 (OpenSUSE) - mod_ctrls Local Stack Overflow. #!/usr/bin/perl -w Exploit for the ProFTPd mod_ctrls vulnerability. Stack overflow in function int pr_ctrls_recv_request(pr_ctrls_cl_t *cl): unchecked buffer for arguments of the module. Connects to the unix domain socket and sends a string that is longer...
ProFTPd 1.3.0 mod_ctrls Local Stack Overflow (opensuse)
No description provided by source. #!/usr/bin/perl -w Exploit for the ProFTPd mod_ctrls vulnerability. Stack overflow in function int pr_ctrls_recv_request(pr_ctrls_cl_t *cl): unchecked buffer for arguments of the module. Connects to the unix domain socket and sends a string that is longer than the buffer...
ProFTPD SReplace Function Buffer Overflow (CVE-2006-5815)
The ProFTPD server is a full-featured File Transfer Protocol (FTP) server mainly used in Linux distributions. Aside from the standard FTP features, the server supports a number of extensions. There exists a buffer overflow vulnerability in ProFTPD FTP server. The vulnerability is due to improper...
ProFTPd 1.3.0 mod_ctrls Local Root Exploit
#!/usr/bin/perl -w Exploit for the ProFTPd mod_ctrls vulnerability. Stack overflow in function int pr_ctrls_recv_request(pr_ctrls_cl_t *cl): unchecked buffer for arguments of the module. Connects to the unix domain socket and sends a string that is longer than the buffer (char[512]). Cheers to Alfredo "revenge"...