漏洞信息详情
ProFTPD mod_sqlpw漏洞
- CNNVD编号:CNNVD-199911-064
- 危害等级: 中危
- CVE编号: CVE-1999-1475
- 漏洞类型: 设计错误
- 发布时间: 1999-11-19
- 威胁类型: 本地
- 更新时间: 2005-10-20
- 厂 商: proftpd_project
- 漏洞来源: on Nov 19, 1999.');">First posted to Bu...
漏洞简介
ProFTPd 1.2编译mod_sqlpw模式时在wtm日志文件中记录用户密码时产生漏洞。本地用户通过阅读wtmp,如最后指令,可以获得密码和提升权限。
漏洞公告
Upgrades are available. ProFTPD Project ProFTPD 1.2 pre3
- ProFTPD Project proftpd-1.2.4.tar.gz ftp://ftp.proftpd.org/distrib/source/proftpd-1.2.4.tar.gz
- ProFTPD Project proftpd-1.2.4.tar.gz ftp://ftp.proftpd.org/distrib/source/proftpd-1.2.4.tar.gz
- ProFTPD Project proftpd-1.2.4.tar.gz ftp://ftp.proftpd.org/distrib/source/proftpd-1.2.4.tar.gz
- ProFTPD Project proftpd-1.2.4.tar.gz ftp://ftp.proftpd.org/distrib/source/proftpd-1.2.4.tar.gz
- Conectiva proftpd-1.2.5rc1-1U50_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.0/i386/proftpd-1.2.5rc1-1U50_1cl .i386.rpm
- Conectiva proftpd-1.2.5rc1-1U50_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/proftpd -1.2.5rc1-1U50_1cl.i386.rpm
- Conectiva proftpd-1.2.5rc1-1U50_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/proftpd- 1.2.5rc1-1U50_1cl.i386.rpm
- Conectiva proftpd-1.2.5rc1-1U51_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.1/i386/proftpd-1.2.5rc1-1U51_1cl .i386.rpm
- Conectiva proftpd-1.2.5rc1-1U60_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/6.0/RPMS/proftpd-1.2.5rc1-1U60_1cl .i386.rpm
- Conectiva proftpd-1.2.5rc1-1U70_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/proftpd-1.2.5rc1-1U70_1cl .i386.rpm
- Conectiva proftpd-doc-1.2.5rc1-1U50_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.0/i386/proftpd-doc-1.2.5rc1-1U50 _1cl.i386.rpm
- Conectiva proftpd-doc-1.2.5rc1-1U50_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/proftpd- doc-1.2.5rc1-1U50_1cl.i386.rpm
- Conectiva proftpd-doc-1.2.5rc1-1U51_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.1/i386/proftpd-doc-1.2.5rc1-1U51 _1cl.i386.rpm
- Conectiva proftpd-doc-1.2.5rc1-1U60_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/6.0/RPMS/proftpd-doc-1.2.5rc1-1U60 _1cl.i386.rpm
- Conectiva proftpd-doc-1.2.5rc1-1U70_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/proftpd-doc-1.2.5rc1-1U70 _1cl.i386.rpm
- Mandrake proftpd-1.2.5-0.rc1.1.2mdk.i586.rpmMandrake Linux 7.2 i586 upgrade. http://www.linux-mandrake.com/en/ftp.php3
- Mandrake proftpd-1.2.5-0.rc1.1mdk.i586.rpmMandrake Linux 8.0 i586 upgrade. http://www.linux-mandrake.com/en/ftp.php3
- Mandrake proftpd-1.2.5-0.rc1.1mdk.i586.rpmMandrake Linux 8.1 i586 upgrade. http://www.linux-mandrake.com/en/ftp.php3
- Mandrake proftpd-1.2.5-0.rc1.1mdk.ppc.rpmMandrake Linux 8.0 PPC upgrade. http://www.linux-mandrake.com/en/ftp.php3
- Mandrake proftpd-1.2.5-0.rc1.2mdk.ia64.rpmMandrake Linux 8.1 IA64 upgrade. http://www.linux-mandrake.com/en/ftp.php3
- ProFTPD Project proftpd-1.2.4.tar.gz ftp://ftp.proftpd.org/distrib/source/proftpd-1.2.4.tar.gz
- ProFTPD Project proftpd-1.2.4.tar.gz ftp://ftp.proftpd.org/distrib/source/proftpd-1.2.4.tar.gz
- ProFTPD Project proftpd-1.2.4.tar.gz ftp://ftp.proftpd.org/distrib/source/proftpd-1.2.4.tar.gz
- ProFTPD Project proftpd-1.2.4.tar.gz ftp://ftp.proftpd.org/distrib/source/proftpd-1.2.4.tar.gz
- ProFTPD Project proftpd-1.2.4.tar.gz ftp://ftp.proftpd.org/distrib/source/proftpd-1.2.4.tar.gz
- ProFTPD Project proftpd-1.2.4.tar.gz ftp://ftp.proftpd.org/distrib/source/proftpd-1.2.4.tar.gz
- ProFTPD Project proftpd-1.2.4.tar.gz ftp://ftp.proftpd.org/distrib/source/proftpd-1.2.4.tar.gz
- ProFTPD Project proftpd-1.2.4.tar.gz ftp://ftp.proftpd.org/distrib/source/proftpd-1.2.4.tar.gz
- ProFTPD Project proftpd-1.2.4.tar.gz ftp://ftp.proftpd.org/distrib/source/proftpd-1.2.4.tar.gz
- ProFTPD Project proftpd-1.2.4.tar.gz ftp://ftp.proftpd.org/distrib/source/proftpd-1.2.4.tar.gz
参考网址
来源: BID 名称: 812 链接:http://www.securityfocus.com/bid/812 来源: BUGTRAQ 名称: 19991119 ProFTPd - mod_sqlpw.c 链接:http://www.securityfocus.com/archive/1/35483
受影响实体
- Proftpd_project Proftpd:1.2
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
特别声明
本站(ZONE.CI)所有文章仅供技术研究,若将其信息做其他用途,由用户承担全部法律及连带责任,本站不承担任何法律及连带责任,请遵守中华人民共和国安全法.
评论