ALT Linux Bugzilla – #11558
ProFTPD Auth API Multiple Authentication Modules Security Issue
Last modified: 2008-02-28 15:41:39
You need to
before you can comment on or make changes to this bug.
A security issue has been reported in ProFTPD, which potentially can
be exploited by malicious people to bypass certain security
The security issue is caused due to an error within ProFTPD's Auth
API. If multiple authentication modules are used, it is possible that
one module provides data, which is then authenticated against another
module. This can e.g. be exploited to bypass certain security
restrictions if authentication modules are configured with different
Fixed in the CVS repository.
PROVIDED AND/OR DISCOVERED BY:
Fixed in proftpd-1.3.0rel-alt2.