CVE-2007-2165

{"id": "CVE-2007-2165", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2007-04-22T19:19:00.000", "references": [{"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419255", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://bugs.proftpd.org/show_bug.cgi?id=2922", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/34602", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24867", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25724", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/27516", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1017931", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:130", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/23546", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/1444", "source": "cve@mitre.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237533", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33733", "source": "cve@mitre.org"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00065.html", "source": "cve@mitre.org"}, {"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419255", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://bugs.proftpd.org/show_bug.cgi?id=2922", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/34602", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24867", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/25724", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/27516", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1017931", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:130", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/23546", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/1444", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237533", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33733", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00065.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd."}, {"lang": "es", "value": "El API en ProFTPD anterior 20070417, cuando \t\r\nse configuran m\u00faltiples m\u00f3dulos de validaci\u00f3n de forma simultanea, no requiere que el m\u00f3dulo que valida la autenticaci\u00f3n en el mismo m\u00f3dulo que recupera los datos de validaci\u00f3n, lo cual podr\u00eda permitir a atacantes remotos evitar la validaci\u00f3n, como se demostr\u00f3 con el uso SQLAuthTypes Plaintext en mod_sql, con datos recuperados de /etc/passwd."}], "lastModified": "2024-11-21T00:30:04.450", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:proftpd_project:proftpd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B84D8596-CC91-4BE7-932D-EF6BDFD47561", "versionEndIncluding": "1.3.0_rc1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}