CVE-2004-0432

3 documents3 sources

Severity

7.5HIGH

EPSS

1.2%

top 20.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gentoo Linux Proftpd Project Proftpd Trustix Secure Linux

Timeline

PublishedAug 18

Latest updateApr 29

Description

ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDproftpd_project/proftpd1.2.9

▶NVDgentoo/linux5 versions+4

▶NVDtrustix/secure_linux2.0, 2.1+1

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-6xxg-crg2-rwch: ProFTPD 1↗2022-04-29

▶

CVEList

CVE-2004-0432: ProFTPD 1↗2004-05-05

▶