CVE-2005-2390 - Unspecified vulnerability in Proftpd Project Proftpd
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: PARTIAL
Summary
Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via (1) certain inputs to the shutdown message from ftpshut, or (2) the SQLShowInfo mod_sql directive.
Vulnerable Configurations
Nessus
NASL family: Mandriva Local Security Checks
NASL id: MANDRAKE_MDKSA-2005-140.NASL
description: Two format string vulnerabilities were discovered in ProFTPD. The first exists when displaying a shutdown message containing the name of the current directory. This could be exploited by a user who creates a directory containing format specifiers and sets the directory as the current directory when the shutdown message is being sent. The second exists when displaying response messages to the client using information retrieved from a database using mod_sql. Note that mod_sql support is not enabled by default, but the contrib source file has been patched regardless. The updated packages have been patched to correct these problems.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 19897
published: 2005-10-05
reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/19897
title: Mandrake Linux Security Advisory : proftpd (MDKSA-2005:140)
code:

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2005:140.
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

# Plugin metadata, registered when the scanner loads the script.
if (description)
{
  script_id(19897);
  script_version ("1.18");
  script_cvs_date("Date: 2019/08/02 13:32:47");

  script_cve_id("CVE-2005-2390");
  script_xref(name:"MDKSA", value:"2005:140");

  script_name(english:"Mandrake Linux Security Advisory : proftpd (MDKSA-2005:140)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Two format string vulnerabilities were discovered in ProFTPD. The
first exists when displaying a shutdown message containin the name of
the current directory. This could be exploited by a user who creates a
directory containing format specifiers and sets the directory as the
current directory when the shutdown message is being sent.

The second exists when displaying response messages to the cleint
using information retreived from a database using mod_sql. Note that
mod_sql support is not enabled by default, but the contrib source file
has been patched regardless.

The updated packages have been patched to correct these problems."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://secuniaresearch.flexerasoftware.com/advisories/16181"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected proftpd and / or proftpd-anonymous packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-anonymous");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/08/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Local checks need the release, package list and CPU architecture
# collected from the host beforehand.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

# Compare installed packages against the fixed builds for each release.
flag = 0;
if (rpm_check(release:"MDK10.0", reference:"proftpd-1.2.9-3.3.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"proftpd-anonymous-1.2.9-3.3.100mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK10.1", reference:"proftpd-1.2.10-2.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"proftpd-anonymous-1.2.10-2.1.101mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK10.2", reference:"proftpd-1.2.10-9.1.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"proftpd-anonymous-1.2.10-9.1.102mdk", yank:"mdk")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

NASL family: FTP
NASL id: PROFTPD_1_3_0_RC2.NASL
description: The remote host is using ProFTPD, a free FTP server for Unix and Linux. According to its banner, the version of ProFTPD installed on the remote host suffers from multiple format string vulnerabilities, one involving the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 19302
published: 2005-07-27
reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/19302
title: ProFTPD < 1.3.0rc2 Multiple Remote Format Strings

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-795.NASL
description: infamous42md reported that proftpd suffers from two format string vulnerabilities. In the first, a user with the ability to create a directory could trigger the format string error if there is a proftpd shutdown message configured to use the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 19565
published: 2005-09-06
reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/19565
title: Debian DSA-795-2 : proftpd - potential code execution

NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_PKG_C28F4705043F11DABC080001020EED82.NASL
description: The ProFTPD release notes states : sean <infamous42md at hotpop.com> found two format string vulnerabilities, one in mod_sql
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 21507
published: 2006-05-13
reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/21507
title: FreeBSD : proftpd -- format string vulnerabilities (c28f4705-043f-11da-bc08-0001020eed82)

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-200508-02.NASL
description: The remote host is affected by the vulnerability described in GLSA-200508-02 (ProFTPD: Format string vulnerabilities)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 19364
published: 2005-08-02
reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/19364
title: GLSA-200508-02 : ProFTPD: Format string vulnerabilities