Description
ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions.
References (7)
Core 7
Core References
Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/10252
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16038
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108335051011341&w=2
Various Sources x_refsource_confirm
http://bugs.proftpd.org/show_bug.cgi?id=2267
Mailing List vendor-advisory
x_refsource_trustix
http://marc.info/?l=bugtraq&m=108335030208523&w=2
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/11527
Vendor Advisory vendor-advisory
x_refsource_mandrake
http://www.mandriva.com/security/advisories?name=MDKSA-2004:041
Scores
EPSS
0.0123
EPSS Percentile
79.4%
Details
Status
published
Products (8)
gentoo/linux
0.5
gentoo/linux
0.7
gentoo/linux
1.1a
gentoo/linux
1.2
gentoo/linux
1.4 (4 CPE variants)
proftpd_project/proftpd
1.2.9
trustix/secure_linux
2.0
trustix/secure_linux
2.1
Published
Aug 18, 2004
Tracked Since
Feb 18, 2026