CVE-1999-1475 - ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which al

CVE-1999-1475

Summary

ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command.

References

http://www.securityfocus.com/archive/1/35483
http://www.securityfocus.com/bid/812

Vulnerable Configurations

cpe:2.3:a:proftpd_project:proftpd:1.2:*:*:*:*:*:*:*
cpe:2.3:a:proftpd_project:proftpd:1.2:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 05-09-2008 - 20:19)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	812
bugtraq	19991119 ProFTPd - mod_sqlpw.c

Last major update

05-09-2008 - 20:19

Published

19-11-1999 - 05:00

Last modified

05-09-2008 - 20:19