Vulnerabilities > CVE-2009-3639 - Cryptographic Issues vulnerability in Proftpd

CVSS 5.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
proftpd
CWE-310
nessus

Summary

The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended client-hostname restrictions via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Vulnerable Configurations

Part Description Count
Application
Proftpd
8

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1925.NASL
    description: It has been discovered that proftpd-dfsg, a virtual-hosting FTP daemon, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, when the dNSNameRequired TLS option is enabled.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 44790
    published: 2010-02-24
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/44790
    title: Debian DSA-1925-1 : proftpd-dfsg - insufficient input validation
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1925. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    # Metadata stanza: executed only when `description` is true. It registers the
    # plugin's identifiers, advisory text and prerequisites, then exits without
    # performing any check.
    if (description)
    {
      script_id(44790);
      script_version("1.10");
      script_cvs_date("Date: 2019/08/02 13:32:22");
    
      # Cross-references to the CVE, the Bugtraq entry and the Debian advisory.
      script_cve_id("CVE-2009-3639");
      script_bugtraq_id(36804);
      script_xref(name:"DSA", value:"1925");
    
      script_name(english:"Debian DSA-1925-1 : proftpd-dfsg - insufficient input validation");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      # Advisory text: the flaw only matters when the dNSNameRequired TLS option
      # is enabled, i.e. when client certificates are matched against host names.
      script_set_attribute(
        attribute:"description", 
        value:
    "It has been discovered that proftpd-dfsg, a virtual-hosting FTP
    daemon, does not properly handle a '\0' character in a domain name in
    the Subject Alternative Name field of an X.509 client certificate,
    when the dNSNameRequired TLS option is enabled."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2009/dsa-1925"
      );
      # Fixed package versions per release; these are the same reference versions
      # the deb_check() calls later in the plugin compare against.
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the proftpd-dfsg packages.
    
    For the stable distribution (lenny), this problem has been fixed in
    version 1.3.1-17lenny4.
    
    For the oldstable distribution (etch), this problem has been fixed in
    version 1.3.0-19etch3.
    
    Binaries for the amd64 architecture will be released once they are
    available."
      );
      # CVSSv2 base vector: network reachable, medium access complexity, no
      # authentication; no confidentiality impact, partial integrity and
      # availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(310);
    
      # Declared as a local check; the verdict comes from the host's package
      # list (see the required KB keys below), not from probing the FTP service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:proftpd-dfsg");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/10/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      # Prerequisites: the plugin depends on ssh_get_info.nasl and requires the
      # KB keys for enabled local checks, the Debian release and the dpkg list.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    # Preconditions: stop with an audit reason unless local checks are enabled
    # and both the Debian release and the dpkg package list are in the KB.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release"))
      audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l"))
      audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # Binary packages compared per release, kept in the original call order so
    # the text accumulated for deb_report_get() is unchanged.
    etch_pkgs = make_list("proftpd", "proftpd-doc", "proftpd-ldap", "proftpd-mysql", "proftpd-pgsql");
    lenny_pkgs = make_list("proftpd", "proftpd-basic", "proftpd-doc", "proftpd-mod-ldap", "proftpd-mod-mysql", "proftpd-mod-pgsql");
    
    # flag counts every package for which deb_check() returns true.
    flag = 0;
    
    # Debian 4.0 (etch): reference version 1.3.0-19etch3.
    foreach pkg (etch_pkgs)
    {
      if (deb_check(release:"4.0", prefix:pkg, reference:"1.3.0-19etch3")) flag++;
    }
    
    # Debian 5.0 (lenny): reference version 1.3.1-17lenny4.
    foreach pkg (lenny_pkgs)
    {
      if (deb_check(release:"5.0", prefix:pkg, reference:"1.3.1-17lenny4")) flag++;
    }
    
    if (!flag) audit(AUDIT_HOST_NOT, "affected");
    else
    {
      # Attach the package-level detail only when report verbosity asks for it.
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    
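  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2009-288.NASL
    description: A vulnerability has been identified and corrected in proftpd : The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended client-hostname restrictions via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-3639). This update fixes this vulnerability.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 42240
    published: 2009-10-26
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/42240
    title: Mandriva Linux Security Advisory : proftpd (MDVSA-2009:288)
    code: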
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2009:288. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
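    # Metadata stanza: executed only when `description` is true. It registers the
    # plugin's identifiers, advisory text and prerequisites, then exits without
    # performing any check.
    if (description)
    {
      script_id(42240);
      script_version("1.18");
      script_cvs_date("Date: 2019/08/02 13:32:52");
    
      # Cross-references to the CVE, the Bugtraq entry and the Mandriva advisory.
      script_cve_id("CVE-2009-3639");
      script_bugtraq_id(36804);
      script_xref(name:"MDVSA", value:"2009:288");
    
      script_name(english:"Mandriva Linux Security Advisory : proftpd (MDVSA-2009:288)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      # The character in question is the NUL byte, written '\0'; the source text
      # carried an undecodable replacement character in its place.
      script_set_attribute(
        attribute:"description", 
        value:
    "A vulnerability has been identified and corrected in proftpd :
    
    The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before
    1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not
    properly handle a '\0' character in a domain name in the Subject
    Alternative Name field of an X.509 client certificate, which allows
    remote attackers to bypass intended client-hostname restrictions via a
    crafted certificate issued by a legitimate Certification Authority, a
    related issue to CVE-2009-2408 (CVE-2009-3639).
    
    This update fixes this vulnerability."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.proftpd.org/show_bug.cgi?id=3275"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # CVSSv2 base vector: network reachable, medium access complexity, no
      # authentication; no confidentiality impact, partial integrity and
      # availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(310);
    
      # Declared as a local check; the verdict comes from the host's RPM list
      # (see the required KB keys below), not from probing the FTP service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # One CPE per binary package named in the advisory, then the two releases.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_autohost");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_ban");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_case");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_ctrls_admin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_gss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_ifsession");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_load");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_quotatab");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_quotatab_file");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_quotatab_ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_quotatab_radius");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_quotatab_sql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_radius");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_ratio");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_rewrite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_sftp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_shaper");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_site_misc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_sql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_sql_mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_sql_postgres");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_time");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_tls");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_vroot");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_wrap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_wrap_file");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd-mod_wrap_sql");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/10/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/10/26");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Mandriva Local Security Checks");
    
      # Prerequisites: the plugin depends on ssh_get_info.nasl and requires the
      # KB keys for enabled local checks, the CPU, the release and the RPM list.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }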
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
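    # Preconditions: stop with an audit reason unless local checks are enabled
    # and both the Mandriva release and the RPM list are in the KB.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # The OS name in this message previously read "Mandake"; it now matches the
    # spelling used in the architecture audit below.
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Package checks are only implemented for the x86 family matched below.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    # Binary packages named in the advisory, in the order they are checked so the
    # text accumulated for rpm_report_get() keeps the same ordering.
    pkgs = make_list(
      "proftpd",
      "proftpd-devel",
      "proftpd-mod_autohost",
      "proftpd-mod_ban",
      "proftpd-mod_case",
      "proftpd-mod_ctrls_admin",
      "proftpd-mod_gss",
      "proftpd-mod_ifsession",
      "proftpd-mod_ldap",
      "proftpd-mod_load",
      "proftpd-mod_quotatab",
      "proftpd-mod_quotatab_file",
      "proftpd-mod_quotatab_ldap",
      "proftpd-mod_quotatab_radius",
      "proftpd-mod_quotatab_sql",
      "proftpd-mod_radius",
      "proftpd-mod_ratio",
      "proftpd-mod_rewrite",
      "proftpd-mod_sftp",
      "proftpd-mod_shaper",
      "proftpd-mod_site_misc",
      "proftpd-mod_sql",
      "proftpd-mod_sql_mysql",
      "proftpd-mod_sql_postgres",
      "proftpd-mod_time",
      "proftpd-mod_tls",
      "proftpd-mod_vroot",
      "proftpd-mod_wrap",
      "proftpd-mod_wrap_file",
      "proftpd-mod_wrap_sql"
    );
    
    # flag counts every package for which rpm_check() returns true.
    flag = 0;
    
    # Mandriva 2009.0: reference release 1.3.2-0.2mdv2009.0.
    foreach pkg (pkgs)
    {
      # proftpd-mod_sftp is only checked for 2009.1, as in the original list.
      if (pkg == "proftpd-mod_sftp") continue;
      if (rpm_check(release:"MDK2009.0", reference:pkg + "-1.3.2-0.2mdv2009.0", yank:"mdv")) flag++;
    }
    
    # Mandriva 2009.1: reference release 1.3.2-4.1mdv2009.1.
    foreach pkg (pkgs)
    {
      if (rpm_check(release:"MDK2009.1", reference:pkg + "-1.3.2-4.1mdv2009.1", yank:"mdv")) flag++;
    }
    
    
    if (flag)
    {
      # Attach the package-level detail only when report verbosity asks for it.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");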
    
  • NASL family: FTP
    NASL id: PROFTPD_1_3_3RC2.NASL
    description: The remote host is using ProFTPD, a free FTP server for Unix and Linux. According to its banner, the version of ProFTPD installed on the remote host is 1.3.2x prior to 1.3.2b or 1.3.3x prior to 1.3.3rc2 and is affected by a mitigation bypass vulnerability when the dNSNameRequired TLS option is enabled.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 106752
    published: 2018-02-12
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/106752
    title: ProFTPD < 1.3.2b / 1.3.3x < 1.3.3rc2 client-hostname restriction bypass
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
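    # Metadata stanza: executed only when `description` is true. It registers the
    # plugin's identifiers, advisory text and prerequisites, then exits without
    # performing any check.
    if (description)
    {
      script_id(106752);
      script_version("1.4");
      script_cvs_date("Date: 2019/11/08");
    
      script_cve_id("CVE-2009-3639");
      script_bugtraq_id(36804);
    
      script_name(english:"ProFTPD < 1.3.2b / 1.3.3x < 1.3.3rc2 client-hostname restriction bypass");
      script_summary(english:"Checks version of ProFTPD.");
    
      # The synopsis previously called this a Denial of Service issue; the plugin
      # name and description both describe a client-hostname restriction bypass.
      script_set_attribute(attribute:"synopsis", value:
    "The remote FTP server is affected by a client-hostname restriction
    bypass vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The remote host is using ProFTPD, a free FTP server for Unix and
    Linux.
    According to its banner, the version of ProFTPD installed on the
    remote host is 1.3.2x prior to 1.3.2b or 1.3.3x prior to 1.3.3rc2 
    and is affected by a mitigation bypass vulnerability when
    the dNSNameRequired TLS option is enabled.");
      script_set_attribute(attribute:"see_also", value:"http://bugs.proftpd.org/show_bug.cgi?id=3275");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to ProFTPD version 1.3.2b / 1.3.3rc2 or later.");
      # CVSSv2 rates access complexity as medium, while the CVSSv3 vector below
      # uses AC:L; both give no confidentiality impact and limited integrity and
      # availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(310);
    
      # NOTE(review): the vulnerability and patch dates below are in 2008, earlier
      # than the CVE-2009-3639 identifier registered above. Confirm them against
      # upstream bug 3275 before relying on them.
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/08/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/10/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/12");
    
      # Marked as a potential vulnerability and as a remote check: the description
      # above states the verdict is based on the banner, and the flaw additionally
      # requires the dNSNameRequired TLS option to be enabled.
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:proftpd:proftpd");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"FTP");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # Prerequisites: ProFTPD must have been detected, and the paranoid-report
      # setting must be present, before the plugin is run.
      script_dependencies("ftp_overflow.nasl", "ftpserver_detect_type_nd_version.nasl");
      script_require_keys("ftp/proftpd", "Settings/ParanoidReport");
      script_require_ports("Services/ftp", 21);
    
      exit(0);
    }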
    
    include("audit.inc");
    include("ftp_func.inc");
    include("global_settings.inc");
    
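    # Banner-only version check for CVE-2009-3639. It runs only when
    # report_paranoia is at least 2; a matching version is reported as a warning
    # without testing the server's TLS configuration, so a finding still has to
    # be confirmed against the dNSNameRequired setting on the host.
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    port = get_ftp_port(default: 21, broken:TRUE);
    
    app = "ProFTPD";
    banner = get_ftp_banner(port:port);
    if (!banner) audit(AUDIT_NO_BANNER, port);
    # `>!<` is the "substring not found" test: bail out if this is not ProFTPD.
    if (app >!< banner) audit(AUDIT_NOT_DETECT, app, port);
    
    # Pull the version token that follows "ProFTPD " in the banner.
    matches = pregmatch(string:banner, pattern:"ProFTPD ([0-9a-z.]+) ");
    if (isnull(matches)) audit(AUDIT_SERVICE_VER_FAIL, app, port);
    version = matches[1];
    
    # "1" or "1.3" alone is too coarse to compare against the fixed versions.
    if (version =~ '^1(\\.3)?$') audit(AUDIT_VER_NOT_GRANULAR, app, version);
    
    # Affected: anything before 1.3.2b, plus 1.3.3rc1. The last pattern used to
    # make "rc1" optional, which also matched a plain "1.3.3" banner; the 1.3.3
    # release is later than the fixed 1.3.3rc2, so only rc1 is matched now.
    if (
      version =~ "^0($|\.)" ||
      version =~ "^1\.[0-2]($|\.)" ||
      version =~ "^1\.3\.1($|[^0-9])" ||
      version =~ "^1\.3\.2(rc[1-4]|a)?($|[^0-9b-z])" ||
      version =~ "^1\.3\.3rc1($|[^0-9a-z])"
    )
    {
      report =
        '\n  Version source    : ' + chomp(banner) +
        '\n  Installed version : ' + version +
        '\n  Fixed version     : 1.3.2b / 1.3.3rc2\n';
      security_report_v4(severity:SECURITY_WARNING, port:port, extra:report);
      exit(0);
    }
    else audit(AUDIT_LISTEN_NOT_VULN, app, port, version);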
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2009-11649.NASL
    description: This update fixes CVE-2009-3639, in which proftpd … (text cut off in the source feed; the flaw is the mod_tls '\0' handling described in the Summary)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 42845
    published: 2009-11-19
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/42845
    title: Fedora 11 : proftpd-1.3.2b-1.fc11 (2009-11649)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2009-11666.NASL
    description: This update fixes CVE-2009-3639, in which proftpd … (text cut off in the source feed; the flaw is the mod_tls '\0' handling described in the Summary)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 42846
    published: 2009-11-19
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/42846
    title: Fedora 10 : proftpd-1.3.2b-1.fc10 (2009-11666)

Seebug

bulletinFamily: exploit
description:
BUGTRAQ ID: 36804
CVE ID: CVE-2009-3639

ProFTPD是一款开放源代码FTP服务程序。

ProFTPD的mod_tls模块没有正确地处理X.509证书主题通用名称(CN)字段域名中的空字符(\0),在处理包含有空字符的证书字段时错误地将空字符处理为截止字符,因此只会验证空字符前的部分。例如,对于类似于以下的名称:

    example.com\0.haxx.se

证书是发布给haxx.se的,但mod_tls模块错误的验证给example.com,这有助于攻击者通过中间人攻击执行网络钓鱼等欺骗。

必须满足以下mod_tls配置的情况下服务器才受这个漏洞影响:

    # Reverse DNS resolution MUST be on for this bug to manifest
    UseReverseDNS on

    <IfModule mod_tls.c>
      TLSEngine on

      # We have to be verifying clients' certs for this bug to manifest
      TLSVerifyClient on

      # and we have to be requiring that the subjectAltName field of the
      # client's certificate be a DNS name which matches the DNS name to which
      # the client's IP address was resolved
      TLSOptions dNSNameRequired
    </IfModule>

ProFTPD Project ProFTPD 1.3
ProFTPD Project ProFTPD 1.2

厂商补丁:

ProFTPD Project
---------------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.3rc2.tar.gz
id: SSV:12523
last seen: 2017-11-19
modified: 2009-10-27
published: 2009-10-27
reporter: Root
title: ProFTPD mod_tls模块CA SSL证书验证漏洞