Vulnerabilities > CVE-1999-1475 - Unspecified vulnerability in Proftpd Project Proftpd 1.2

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

proftpd-project

NVD

Published: 1999-11-19

Updated: 2008-09-05

Summary

ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command.

Vulnerable Configurations

Part	Description	Count
Application	Proftpd_Project Proftpd Project Proftpd 1.2	1

References

http://www.securityfocus.com/archive/1/35483
http://www.securityfocus.com/bid/812