CVE-2009-3639 - Cryptographic Issues vulnerability in Proftpd
- Attack vector: NETWORK
- Attack complexity: MEDIUM
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: PARTIAL
- Availability impact: PARTIAL

Summary
The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended client-hostname restrictions via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 8 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation: An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-1925.NASL
- description: It has been discovered that proftpd-dfsg, a virtual-hosting FTP daemon, does not properly handle a
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 44790
- published: 2010-02-24
- reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/44790
- title: Debian DSA-1925-1 : proftpd-dfsg - insufficient input validation
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-1925. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(44790);
  script_version("1.10");
  script_cvs_date("Date: 2019/08/02 13:32:22");

  script_cve_id("CVE-2009-3639");
  script_bugtraq_id(36804);
  script_xref(name:"DSA", value:"1925");

  script_name(english:"Debian DSA-1925-1 : proftpd-dfsg - insufficient input validation");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"It has been discovered that proftpd-dfsg, a virtual-hosting FTP daemon, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, when the dNSNameRequired TLS option is enabled."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2009/dsa-1925"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade the proftpd-dfsg packages. For the stable distribution (lenny), this problem has been fixed in version 1.3.1-17lenny4. For the oldstable distribution (etch), this problem has been fixed in version 1.3.0-19etch3. Binaries for the amd64 architecture will be released once they are available."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(310);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:proftpd-dfsg");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/10/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"4.0", prefix:"proftpd", reference:"1.3.0-19etch3")) flag++;
if (deb_check(release:"4.0", prefix:"proftpd-doc", reference:"1.3.0-19etch3")) flag++;
if (deb_check(release:"4.0", prefix:"proftpd-ldap", reference:"1.3.0-19etch3")) flag++;
if (deb_check(release:"4.0", prefix:"proftpd-mysql", reference:"1.3.0-19etch3")) flag++;
if (deb_check(release:"4.0", prefix:"proftpd-pgsql", reference:"1.3.0-19etch3")) flag++;
if (deb_check(release:"5.0", prefix:"proftpd", reference:"1.3.1-17lenny4")) flag++;
if (deb_check(release:"5.0", prefix:"proftpd-basic", reference:"1.3.1-17lenny4")) flag++;
if (deb_check(release:"5.0", prefix:"proftpd-doc", reference:"1.3.1-17lenny4")) flag++;
if (deb_check(release:"5.0", prefix:"proftpd-mod-ldap", reference:"1.3.1-17lenny4")) flag++;
if (deb_check(release:"5.0", prefix:"proftpd-mod-mysql", reference:"1.3.1-17lenny4")) flag++;
if (deb_check(release:"5.0", prefix:"proftpd-mod-pgsql", reference:"1.3.1-17lenny4")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

- NASL family: Mandriva Local Security Checks
- NASL id: MANDRIVA_MDVSA-2009-288.NASL
- description: A vulnerability has been identified and corrected in proftpd : The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 42240
- published: 2009-10-26
- reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/42240
- title: Mandriva Linux Security Advisory : proftpd (MDVSA-2009:288)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2009:288.
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(42240);
  script_version("1.18");
  script_cvs_date("Date: 2019/08/02 13:32:52");

  script_cve_id("CVE-2009-3639");
  script_bugtraq_id(36804);
  script_xref(name:"MDVSA", value:"2009:288");

  script_name(english:"Mandriva Linux Security Advisory : proftpd (MDVSA-2009:288)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Mandriva Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"A vulnerability has been identified and corrected in proftpd : The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended client-hostname restrictions via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-3639). This update fixes this vulnerability."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.proftpd.org/show_bug.cgi?id=3275"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(310);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_autohost");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_ban");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_case");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_ctrls_admin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_gss");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_ifsession");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_load");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_quotatab");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_quotatab_file");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_quotatab_ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_quotatab_radius");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_quotatab_sql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_radius");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_ratio");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_rewrite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_sftp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_shaper");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_site_misc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_sql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_sql_mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_sql_postgres");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_time");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_tls");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_vroot");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_wrap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_wrap_file");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_wrap_sql");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/10/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/10/26");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

flag = 0;
if (rpm_check(release:"MDK2009.0", reference:"proftpd-1.3.2-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"proftpd-devel-1.3.2-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"proftpd-mod_autohost-1.3.2-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"proftpd-mod_ban-1.3.2-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"proftpd-mod_case-1.3.2-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"proftpd-mod_ctrls_admin-1.3.2-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"proftpd-mod_gss-1.3.2-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"proftpd-mod_ifsession-1.3.2-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"proftpd-mod_ldap-1.3.2-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"proftpd-mod_load-1.3.2-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"proftpd-mod_quotatab-1.3.2-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"proftpd-mod_quotatab_file-1.3.2-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"proftpd-mod_quotatab_ldap-1.3.2-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"proftpd-mod_quotatab_radius-1.3.2-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"proftpd-mod_quotatab_sql-1.3.2-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"proftpd-mod_radius-1.3.2-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"proftpd-mod_ratio-1.3.2-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"proftpd-mod_rewrite-1.3.2-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"proftpd-mod_shaper-1.3.2-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"proftpd-mod_site_misc-1.3.2-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"proftpd-mod_sql-1.3.2-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"proftpd-mod_sql_mysql-1.3.2-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"proftpd-mod_sql_postgres-1.3.2-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"proftpd-mod_time-1.3.2-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"proftpd-mod_tls-1.3.2-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"proftpd-mod_vroot-1.3.2-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"proftpd-mod_wrap-1.3.2-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"proftpd-mod_wrap_file-1.3.2-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"proftpd-mod_wrap_sql-1.3.2-0.2mdv2009.0", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2009.1", reference:"proftpd-1.3.2-4.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"proftpd-devel-1.3.2-4.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"proftpd-mod_autohost-1.3.2-4.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"proftpd-mod_ban-1.3.2-4.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"proftpd-mod_case-1.3.2-4.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"proftpd-mod_ctrls_admin-1.3.2-4.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"proftpd-mod_gss-1.3.2-4.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"proftpd-mod_ifsession-1.3.2-4.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"proftpd-mod_ldap-1.3.2-4.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"proftpd-mod_load-1.3.2-4.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"proftpd-mod_quotatab-1.3.2-4.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"proftpd-mod_quotatab_file-1.3.2-4.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"proftpd-mod_quotatab_ldap-1.3.2-4.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"proftpd-mod_quotatab_radius-1.3.2-4.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"proftpd-mod_quotatab_sql-1.3.2-4.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"proftpd-mod_radius-1.3.2-4.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"proftpd-mod_ratio-1.3.2-4.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"proftpd-mod_rewrite-1.3.2-4.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"proftpd-mod_sftp-1.3.2-4.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"proftpd-mod_shaper-1.3.2-4.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"proftpd-mod_site_misc-1.3.2-4.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"proftpd-mod_sql-1.3.2-4.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"proftpd-mod_sql_mysql-1.3.2-4.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"proftpd-mod_sql_postgres-1.3.2-4.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"proftpd-mod_time-1.3.2-4.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"proftpd-mod_tls-1.3.2-4.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"proftpd-mod_vroot-1.3.2-4.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"proftpd-mod_wrap-1.3.2-4.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"proftpd-mod_wrap_file-1.3.2-4.1mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"proftpd-mod_wrap_sql-1.3.2-4.1mdv2009.1", yank:"mdv")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

- NASL family: FTP
- NASL id: PROFTPD_1_3_3RC2.NASL
- description: The remote host is using ProFTPD, a free FTP server for Unix and Linux. According to its banner, the version of ProFTPD installed on the remote host is 1.3.2x prior to 1.3.2b or 1.3.3x prior to 1.3.3rc2 and is affected by a mitigation bypass vulnerability when the dNSNameRequired TLS option is enabled.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 106752
- published: 2018-02-12
- reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/106752
- title: ProFTPD < 1.3.2b / 1.3.3x < 1.3.3rc2 client-hostname restriction bypass
- code:

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(106752);
  script_version("1.4");
  script_cvs_date("Date: 2019/11/08");

  script_cve_id("CVE-2009-3639");
  script_bugtraq_id(36804);

  script_name(english:"ProFTPD < 1.3.2b / 1.3.3x < 1.3.3rc2 client-hostname restriction bypass");
  script_summary(english:"Checks version of ProFTPD.");

  script_set_attribute(attribute:"synopsis", value:
"The remote FTP server is affected by a Denial of Service vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote host is using ProFTPD, a free FTP server for Unix and Linux. According to its banner, the version of ProFTPD installed on the remote host is 1.3.2x prior to 1.3.2b or 1.3.3x prior to 1.3.3rc2 and is affected by a mitigation bypass vulnerability when the dNSNameRequired TLS option is enabled.");
  script_set_attribute(attribute:"see_also", value:"http://bugs.proftpd.org/show_bug.cgi?id=3275");
  script_set_attribute(attribute:"solution", value:
"Upgrade to ProFTPD version 1.3.2b / 1.3.3rc2 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(310);

  script_set_attribute(attribute:"vuln_publication_date", value:"2008/08/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/10/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/12");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:proftpd:proftpd");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"FTP");

  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ftp_overflow.nasl", "ftpserver_detect_type_nd_version.nasl");
  script_require_keys("ftp/proftpd", "Settings/ParanoidReport");
  script_require_ports("Services/ftp", 21);

  exit(0);
}

include("audit.inc");
include("ftp_func.inc");
include("global_settings.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

port = get_ftp_port(default: 21, broken:TRUE);
app = "ProFTPD";

banner = get_ftp_banner(port:port);
if (!banner) audit(AUDIT_NO_BANNER, port);
if (app >!< banner) audit(AUDIT_NOT_DETECT, app, port);

matches = pregmatch(string:banner, pattern:"ProFTPD ([0-9a-z.]+) ");
if (isnull(matches)) audit(AUDIT_SERVICE_VER_FAIL, app, port);
version = matches[1];

if (version =~ '^1(\\.3)?$') audit(AUDIT_VER_NOT_GRANULAR, app, version);

if (
  version =~ "^0($|\.)" ||
  version =~ "^1\.[0-2]($|\.)" ||
  version =~ "^1\.3\.1($|[^0-9])" ||
  version =~ "^1\.3\.2(rc[1-4]|a)?($|[^0-9b-z])"||
  version =~ "^1\.3\.3(rc1)?($|[^0-9a-z])"
)
{
  report =
    '\n Version source : ' + chomp(banner) +
    '\n Installed version : ' + version +
    '\n Fixed version : 1.3.2b / 1.3.3rc2\n';
  security_report_v4(severity:SECURITY_WARNING, port:port, extra:report);
  exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, app, port, version);
```

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2009-11649.NASL
- description: This update fixes CVE-2009-3639, in which proftpd
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 42845
- published: 2009-11-19
- reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/42845
- title: Fedora 11 : proftpd-1.3.2b-1.fc11 (2009-11649)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2009-11666.NASL
- description: This update fixes CVE-2009-3639, in which proftpd
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 42846
- published: 2009-11-19
- reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/42846
- title: Fedora 10 : proftpd-1.3.2b-1.fc10 (2009-11666)

Seebug
bulletinFamily | exploit |
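description | BUGTRAQ ID: 36804 CVE ID: CVE-2009-3639

ProFTPD is an open-source FTP server.

ProFTPD's mod_tls module does not correctly handle a null character (\0) in the domain name in the subject Common Name (CN) field of an X.509 certificate. When processing a certificate field that contains a null character, it wrongly treats the null character as a terminator, so only the part before the null character is verified. For example, for a name like the following:

example.com\0.haxx.se

the certificate is issued to haxx.se, but the mod_tls module wrongly validates it as example.com, which helps an attacker carry out spoofing such as phishing through a man-in-the-middle attack.

The server is affected by this vulnerability only when the following mod_tls configuration is in place:

```
# Reverse DNS resolution MUST be on for this bug to manifest
UseReverseDNS on

<IfModule mod_tls.c>
  TLSEngine on

  # We have to be verifying clients' certs for this bug to manifest
  TLSVerifyClient on

  # and we have to be requiring that the subjectAltName field of the
  # client's certificate be a DNS name which matches the DNS name to which
  # the client's IP address was resolved
  TLSOptions dNSNameRequired
</IfModule>
```

ProFTPD Project ProFTPD 1.3
ProFTPD Project ProFTPD 1.2

Vendor patch (ProFTPD Project): The vendor has released an upgrade patch that fixes this security issue. Download it from the vendor's site: ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.3rc2.tar.gz
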
id | SSV:12523 |
last seen | 2017-11-19 |
modified | 2009-10-27 |
published | 2009-10-27 |
reporter | Root |
title | ProFTPD mod_tls module CA SSL certificate validation vulnerability |
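
The truncation described above comes from comparing a length-counted certificate name with a C string routine. The following is an added example, not ProFTPD's code: it places that flawed comparison beside a length-aware one that rejects embedded NUL bytes. The `san_dns` type, the function names and the sample names are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Counted string standing in for the (bytes, length) pair that an X.509
 * dNSName entry carries. Hypothetical type, used only in this example. */
struct san_dns {
    const unsigned char *data;
    size_t len;
};

/* Constructed samples: the name quoted in the description above, with its
 * embedded NUL byte, and an ordinary client name for comparison. */
static const unsigned char CRAFTED_SAN[] = "example.com\0.haxx.se";
static const unsigned char PLAIN_SAN[] = "client.example.com";

/* Flawed pattern: the bytes are handed to a C string routine, which stops
 * at the first NUL and never sees the rest of the name. */
int naive_dns_match(const struct san_dns *san, const char *resolved)
{
    return strcasecmp((const char *)san->data, resolved) == 0;
}

/* Length-aware check: reject any embedded NUL, require equal lengths, then
 * compare every byte case-insensitively. */
int strict_dns_match(const struct san_dns *san, const char *resolved)
{
    size_t i, rlen = strlen(resolved);

    if (san->len == 0 || memchr(san->data, '\0', san->len) != NULL)
        return 0;
    if (san->len != rlen)
        return 0;
    for (i = 0; i < rlen; i++) {
        if (tolower(san->data[i]) != tolower((unsigned char)resolved[i]))
            return 0;
    }
    return 1;
}

int main(void)
{
    /* sizeof - 1 drops the literal's trailing NUL but keeps the embedded one */
    struct san_dns crafted = { CRAFTED_SAN, sizeof(CRAFTED_SAN) - 1 };
    struct san_dns plain = { PLAIN_SAN, sizeof(PLAIN_SAN) - 1 };

    printf("crafted name, %zu bytes, resolved host example.com: naive=%d strict=%d\n",
           crafted.len,
           naive_dns_match(&crafted, "example.com"),
           strict_dns_match(&crafted, "example.com"));
    printf("plain name, resolved host client.example.com: naive=%d strict=%d\n",
           naive_dns_match(&plain, "client.example.com"),
           strict_dns_match(&plain, "client.example.com"));
    return 0;
}
```
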
References
- http://bugs.proftpd.org/show_bug.cgi?id=3275
- http://marc.info/?l=oss-security&m=125630966510672&w=2
- http://marc.info/?l=oss-security&m=125632960508211&w=2
- http://secunia.com/advisories/37131
- http://secunia.com/advisories/37219
- http://www.debian.org/security/2009/dsa-1925
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:288
- http://www.securityfocus.com/bid/36804
- https://bugzilla.redhat.com/show_bug.cgi?id=530719
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53936
- https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00642.html
- https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00649.html