CVE-2001-1500

Description

ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged.

Affected products

• ProFTPD Project / ProFTPD1.2 – 1.2
• ProFTPD Project / ProFTPD1.2.0_rc3 – 1.2.0_rc3
• ProFTPD Project / ProFTPD1.2.1 – 1.2.1
• ProFTPD Project / ProFTPD1.2.2 – 1.2.2
• ProFTPD Project / ProFTPD1.2.2_rc1 – 1.2.2_rc1
• ProFTPD Project / ProFTPD1.2.2_rc2 – 1.2.2_rc2
• ProFTPD Project / ProFTPD1.2_pre1 – 1.2_pre1
• ProFTPD Project / ProFTPD1.2_pre2 – 1.2_pre2
• ProFTPD Project / ProFTPD1.2_pre3 – 1.2_pre3
• ProFTPD Project / ProFTPD1.2_pre4 – 1.2_pre4
• ProFTPD Project / ProFTPD1.2_pre5 – 1.2_pre5
• ProFTPD Project / ProFTPD1.2_pre6 – 1.2_pre6
• ProFTPD Project / ProFTPD1.2_pre7 – 1.2_pre7
• ProFTPD Project / ProFTPD1.2_pre8 – 1.2_pre8
• ProFTPD Project / ProFTPD1.2_pre9 – 1.2_pre9
• ProFTPD Project / ProFTPD1.2_pre10 – 1.2_pre10
• ProFTPD Project / ProFTPD1.2_pre11 – 1.2_pre11

References

• MISChttp://www.securityfocus.com/archive/1/212805
• MISChttp://www.securityfocus.com/bid/3310
• VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDKSA-2002:005
• MISChttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000450
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/7126