CVE-2005-2390
CVSS 6.4
Published: 2005-07-27 00:00:00
Last revised: 2016-10-17 23:26:39

[Original] Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via (1) certain inputs to the shutdown message from ftpshut, or (2) the SQLShowInfo mod_sql directive.


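[CNNVD] Open-source software ProFTPD shutdown/mod_sql format string vulnerability (CNNVD-200507-275)

        ProFTPD is an open-source FTP server program.
        A format string vulnerability exists in ProFTPD. By entering a specific shutdown message in the ftpshut command, or by using the SQLShowInfo command provided by mod_sql, an attacker can cause a denial of service on the FTP server or obtain sensitive information.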

- CVSS (Base Score)

CVSS score: 6.4 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected platforms and products)

cpe:/a:proftpd_project:proftpd:1.2.9
cpe:/a:proftpd_project:proftpd:1.2.6_rc3
cpe:/a:proftpd_project:proftpd:1.2.0_rc3
cpe:/a:proftpd_project:proftpd:1.2.10_rc3
cpe:/a:proftpd_project:proftpd:1.2.10_rc2
cpe:/a:proftpd_project:proftpd:1.2.10_rc1
cpe:/a:proftpd_project:proftpd:1.2.5_rc2
cpe:/a:proftpd_project:proftpd:1.2.5_rc3
cpe:/a:proftpd_project:proftpd:1.2.10
cpe:/a:proftpd_project:proftpd:1.2.1_final
cpe:/a:proftpd_project:proftpd:1.2.5_rc1
cpe:/a:proftpd_project:proftpd:1.2.0_rc2
cpe:/a:proftpd_project:proftpd:1.2.0_rc1
cpe:/a:proftpd_project:proftpd:1.2.7_rc2
cpe:/a:proftpd_project:proftpd:1.2.0_pre10
cpe:/a:proftpd_project:proftpd:1.2.7_rc3
cpe:/a:proftpd_project:proftpd:1.2.8_rc1
cpe:/a:proftpd_project:proftpd:1.2.2_rc3
cpe:/a:proftpd_project:proftpd:1.2.8_rc2
cpe:/a:proftpd_project:proftpd:1.2.1
cpe:/a:proftpd_project:proftpd:1.2.2
cpe:/a:proftpd_project:proftpd:1.2.0_pre9
cpe:/a:proftpd_project:proftpd:1.2.6_rc2
cpe:/a:proftpd_project:proftpd:1.2.7
cpe:/a:proftpd_project:proftpd:1.2.6_rc1
cpe:/a:proftpd_project:proftpd:1.2.8
cpe:/a:proftpd_project:proftpd:1.2.5
cpe:/a:proftpd_project:proftpd:1.2.6
cpe:/a:proftpd_project:proftpd:1.3.0_rc1
cpe:/a:proftpd_project:proftpd:1.2.9_rc1
cpe:/a:proftpd_project:proftpd:1.2.7_rc1
cpe:/a:proftpd_project:proftpd:1.2.3
cpe:/a:proftpd_project:proftpd:1.2.4
cpe:/a:proftpd_project:proftpd:1.2.9_rc2
cpe:/a:proftpd_project:proftpd:1.2.9_rc3
cpe:/a:proftpd_project:proftpd:1.2.2_rc2
cpe:/a:proftpd_project:proftpd:1.2.2_rc1

- OVAL (Technical details for detection)

No relevant OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2390
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2390
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200507-275
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=112604373503912&w=2
(UNKNOWN)  OPENPKG  OpenPKG-SA-2005.020
http://www.debian.org/security/2005/dsa-795
(UNKNOWN)  DEBIAN  DSA-795
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.0rc2
(UNKNOWN)  CONFIRM  http://www.proftpd.org/docs/RELEASE_NOTES-1.3.0rc2
http://www.securityfocus.com/bid/14380
(UNKNOWN)  BID  14380
http://www.securityfocus.com/bid/14381
(UNKNOWN)  BID  14381

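- Vulnerability information

Open-source software ProFTPD shutdown/mod_sql format string vulnerability
Medium risk  Format string
2005-07-27 00:00:00 2005-10-20 00:00:00
Remote
        ProFTPD is an open-source FTP server program.
        A format string vulnerability exists in ProFTPD. By entering a specific shutdown message in the ftpshut command, or by using the SQLShowInfo command provided by mod_sql, an attacker can cause a denial of service on the FTP server or obtain sensitive information.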

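- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue. The patch is available at:
        http://www.proftpd.org/

- Vulnerability information (F39039)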

Gentoo Linux Security Advisory 200508-2 (PacketStormID:F39039)
2005-08-05 00:00:00
Gentoo  security.gentoo.org
advisory,vulnerability
linux,gentoo
CVE-2005-2390

Gentoo Linux Security Advisory GLSA 200508-02 - infamous42md reported that ProFTPD is vulnerable to format string vulnerabilities when displaying a shutdown message containing the name of the current directory, and when displaying response messages to the client using information retrieved from a database using mod_sql. Versions less than 1.2.10-r7 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200508-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: ProFTPD: Format string vulnerabilities
      Date: August 01, 2005
      Bugs: #100364
        ID: 200508-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Under specific circumstances, ProFTPD is vulnerable to format string
vulnerabilities, potentially resulting in the execution of arbitrary
code.

Background
==========

ProFTPD is a configurable GPL-licensed FTP server software.

Affected packages
=================

    -------------------------------------------------------------------
     Package          /   Vulnerable   /                    Unaffected
    -------------------------------------------------------------------
  1  net-ftp/proftpd      < 1.2.10-r7                     >= 1.2.10-r7

Description
===========

"infamous42md" reported that ProFTPD is vulnerable to format string
vulnerabilities when displaying a shutdown message containing the name
of the current directory, and when displaying response messages to the
client using information retrieved from a database using mod_sql.

Impact
======

A remote attacker could create a directory with a malicious name that
would trigger the format string issue if specific variables are used in
the shutdown message, potentially resulting in a Denial of Service or
the execution of arbitrary code with the rights of the user running the
ProFTPD server. An attacker with control over the database contents
could achieve the same result by introducing malicious messages that
would trigger the other format string issue when used in server
responses.

Workaround
==========

Do not use the "%C", "%R", or "%U" in shutdown messages, and do not set
the "SQLShowInfo" directive.

Resolution
==========

All ProFTPD users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-ftp/proftpd-1.2.10-r7"

References
==========

  [ 1 ] CAN-2005-2390
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2390

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200508-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
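
Added example, not part of the advisories quoted on this page: a Python audit that applies the affected-version bound from the CVE text ("before 1.3.0rc2") and the GLSA workaround (no "%C", "%R" or "%U" in the shutdown message, no "SQLShowInfo" directive). The function names, the sample configuration and the sample message are constructed for illustration. The ordering pre < rc < release and the case-insensitive directive match are assumptions.

```python
import re

FIXED = "1.3.0rc2"                # first fixed release, per the CVE text
RISKY_VARS = ("%C", "%R", "%U")   # variables named in the GLSA workaround
_STAGE = {"pre": 0, "rc": 1, "": 2, "final": 2}   # assumed order: pre < rc < release

def version_key(v):
    """Sortable key for strings such as 1.2.10, 1.3.0rc1 or 1.2.0_pre10."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)[._-]?(pre|rc|final)?(\d*)", v.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version: {v!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))                  # treat 1.2 as 1.2.0
    return (tuple(nums), _STAGE[m.group(2) or ""], int(m.group(3) or 0))

def is_affected(version):
    return version_key(version) < version_key(FIXED)

def find_sqlshowinfo(conf_text):
    """Return (line number, line) for every uncommented SQLShowInfo directive."""
    hits = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#"):
            # Directive names are matched case-insensitively (assumption).
            if line.split(None, 1)[0].lower() == "sqlshowinfo":
                hits.append((no, line))
    return hits

def audit(version, conf_text, shutdown_msg):
    """List the workaround violations that matter on an affected version."""
    if not is_affected(version):
        return []
    findings = [f"shutdown message uses {v}" for v in RISKY_VARS if v in shutdown_msg]
    findings += [f"config line {no}: {line}" for no, line in find_sqlshowinfo(conf_text)]
    return findings

# Constructed sample inputs, not taken from any real server.
SAMPLE_CONF = """\
ServerName "example"
# SQLShowInfo LIST "226" "commented out"
<Global>
  SQLShowInfo PASS "230" "Last login: %{lastlogin}"
</Global>
"""
SAMPLE_MSG = "Server going down at %s, you are in %C, bye %U"

if __name__ == "__main__":
    for finding in audit("1.2.10", SAMPLE_CONF, SAMPLE_MSG):
        print(finding)
```

Feed it the installed version string, the text of the ProFTPD configuration file and the shutdown message text; an empty result on an affected version means the workaround is in place, not that the server is patched.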
    

- Vulnerability information

18270
ProFTPD ftpshut Shutdown Message Format String
Local Access Required, Local / Remote, Context Dependent Input Manipulation
Loss of Confidentiality, Loss of Integrity, Loss of Availability
Exploit Unknown

- Vulnerability description

ProFTPD contains a flaw that may allow a malicious user to modify memory buffers. The issue is triggered when the %C, %R, and %U variables are used in the shutdown message configuration (ftpshut). A rogue user, if allowed to create directories, can name one in such a way that the %C option will print data in memory buffers. The two other options which might be vulnerable to the same abuse are user name, and remote host name.

- Timeline

2005-07-26 Unknown
Unknown Unknown

- Solution

Upgrade to version 1.3.0rc2 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Do not use variables for shutdown commands in the ProFTPD configuration file.

- Related references

- Vulnerability author

- Vulnerability information

ProFTPD Shutdown Message Format String Vulnerability
Input Validation Error 14381
Yes No
2005-07-26 12:00:00 2009-07-12 04:06:00
Discovery is credited to infamous42md.

- Affected program versions

Turbolinux Turbolinux Workstation 8.0
Turbolinux Turbolinux Workstation 7.0
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Server 8.0
Turbolinux Turbolinux Server 7.0
Turbolinux Turbolinux Desktop 10.0
Turbolinux Turbolinux 10 F...
TurboLinux Personal
TurboLinux Multimedia
Turbolinux Home
Turbolinux Appliance Server Workgroup Edition 1.0
Turbolinux Appliance Server Hosting Edition 1.0
Turbolinux Appliance Server 1.0 Workgroup Edition
Turbolinux Appliance Server 1.0 Hosting Edition
Trustix Secure Linux 2.2
Trustix Secure Linux 2.1
Trustix Secure Enterprise Linux 2.0
ProFTPD Project ProFTPD 1.3 .0rc1
ProFTPD Project ProFTPD 1.2.10
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
ProFTPD Project ProFTPD 1.2.9 rc3
ProFTPD Project ProFTPD 1.2.9 rc2
ProFTPD Project ProFTPD 1.2.9 rc1
ProFTPD Project ProFTPD 1.2.9
+ Mandriva Linux Mandrake 10.0
+ OpenPKG OpenPKG 2.0
+ OpenPKG OpenPKG 1.3
+ OpenPKG OpenPKG Current
+ Slackware Linux 9.1
+ Slackware Linux 9.0
+ Slackware Linux 8.1
+ Slackware Linux -current
ProFTPD Project ProFTPD 1.2.8 rc2
ProFTPD Project ProFTPD 1.2.8 rc1
ProFTPD Project ProFTPD 1.2.8
+ Slackware Linux 9.0
+ Slackware Linux 8.1
+ Slackware Linux -current
ProFTPD Project ProFTPD 1.2.7 rc3
ProFTPD Project ProFTPD 1.2.7 rc2
ProFTPD Project ProFTPD 1.2.7 rc1
ProFTPD Project ProFTPD 1.2.7
+ Sun Cobalt Qube 3
ProFTPD Project ProFTPD 1.2.6
ProFTPD Project ProFTPD 1.2.5 rc1
ProFTPD Project ProFTPD 1.2.5
ProFTPD Project ProFTPD 1.2.4
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
ProFTPD Project ProFTPD 1.2.3
ProFTPD Project ProFTPD 1.2.2 rc3
ProFTPD Project ProFTPD 1.2.2 rc1
ProFTPD Project ProFTPD 1.2.2
ProFTPD Project ProFTPD 1.2.1
ProFTPD Project ProFTPD 1.2 pre9
ProFTPD Project ProFTPD 1.2 pre8
ProFTPD Project ProFTPD 1.2 pre7
ProFTPD Project ProFTPD 1.2 pre6
ProFTPD Project ProFTPD 1.2 pre5
ProFTPD Project ProFTPD 1.2 pre4
ProFTPD Project ProFTPD 1.2 pre3
ProFTPD Project ProFTPD 1.2 pre2
ProFTPD Project ProFTPD 1.2 pre11
ProFTPD Project ProFTPD 1.2 pre10
ProFTPD Project ProFTPD 1.2 pre1
ProFTPD Project ProFTPD 1.2 .0rc3
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Conectiva Linux graficas
+ Conectiva Linux ecommerce
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
ProFTPD Project ProFTPD 1.2 .0rc2
ProFTPD Project ProFTPD 1.2 .0rc1
ProFTPD Project ProFTPD 1.2
+ Cobalt Qube 3.0
+ Cobalt Qube 2.0
+ Cobalt RaQ 3.0
+ Cobalt RaQ 2.0
+ Cobalt RaQ 1.1
OpenPKG OpenPKG 2.4
OpenPKG OpenPKG 2.3
OpenPKG OpenPKG Current
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Gentoo Linux
Conectiva Linux 10.0
ProFTPD Project ProFTPD 1.3 .0rc2

- Unaffected program versions

ProFTPD Project ProFTPD 1.3 .0rc2

- Vulnerability discussion

A format-string vulnerability affects ProFTPD. This issue occurs when the server prints a shutdown message containing certain variables such as the current directory. If an attacker could create a directory on the server, this may trigger this issue.

Successful exploitation will result in arbitrary code execution in the context of the server.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

- Solution


This issue has been addressed in ProFTPD 1.3.0rc2.

Please see the referenced advisories for more information.


