CVE-1999-1475

3 documents3 sources

Severity

4.6MEDIUM

EPSS

0.1%

top 72.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Proftpd Project Proftpd

Timeline

PublishedNov 19

Latest updateApr 30

Description

ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDproftpd_project/proftpd1.2

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-x3q5-jc99-rf4p: ProFTPd 1↗2022-04-30

▶

CVEList

CVE-1999-1475: ProFTPd 1↗2001-09-12

▶