Access Control Bypass in ProFTPD by The ProFTPD Project
CVE-2004-0432

Currently unrated

Key Information:

Vendor: Proftpd Project
Status: Proftpd
Vendor: CVE Published:; 18 August 2004

🔔 Create Proftpd Project Vulnerability Alert

What is CVE-2004-0432?

The ProFTPD 1.2.9 version incorrectly processes the Allow and Deny directives associated with CIDR-based Access Control Lists (ACLs). This misconfiguration leads to a scenario where FTP clients may circumvent the established restrictions, effectively granting them unauthorized access to files and services that should otherwise be protected. This vulnerability emphasizes the importance of strict access control configurations in FTP servers to safeguard sensitive data from potential exploitation.

References

http://www.securityfocus.com/bid/10252

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/16038

vdb-entryx_refsource_XF

http://marc.info/?l=bugtraq&m=108335051011341&w=2

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Aug 18, 2004
Vulnerability Reserved
May 3, 2004

JSON