Vulnerability Name:

CVE-2001-1500 (CCN-7126)

Assigned:2001-09-07
Published:2001-09-07
Updated:2017-12-19
Summary:ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
References:Source: CCN
Type: BugTraq Mailing List, Fri Sep 07 2001 - 16:38:27 CDT
ProFTPd and reverse DNS

Source: CCN
Type: BugTraq Mailing List, Sat Sep 08 2001 - 03:21:37 CDT
Re: ProFTPd and reverse DNS

Source: MITRE
Type: CNA
CVE-2001-1500

Source: CONECTIVA
Type: UNKNOWN
CLA-2002:450

Source: CCN
Type: Conectiva Linux Announcement CLSA-2002:450
proftpd

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2002:005

Source: CCN
Type: OSVDB ID: 20212
ProFTPD Host Reverse Resolution Failure ACL Bypass

Source: BUGTRAQ
Type: UNKNOWN
20010907 ProFTPd and reverse DNS

Source: BID
Type: Patch
3310

Source: CCN
Type: BID-3310
ProFTPD Client Hostname Resolving Vulnerability

Source: XF
Type: UNKNOWN
proftpd-unresolved-hostname(7126)

Source: XF
Type: UNKNOWN
proftpd-unresolved-hostname(7126)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:proftpd_project:proftpd:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.0_rc3:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.2_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.2_rc2:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2_pre1:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2_pre2:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2_pre3:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2_pre4:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2_pre5:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2_pre6:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2_pre7:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2_pre8:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2_pre9:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2_pre10:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2_pre11:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:proftpd:proftpd:1.2.2:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.2:rc2:*:*:*:*:*:*
  • AND
  • cpe:/o:conectiva:linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:prg_graficos:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:ecommerce:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:5.1:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:7.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    proftpd_project proftpd 1.2
    proftpd_project proftpd 1.2.0_rc3
    proftpd_project proftpd 1.2.1
    proftpd_project proftpd 1.2.2
    proftpd_project proftpd 1.2.2_rc1
    proftpd_project proftpd 1.2.2_rc2
    proftpd_project proftpd 1.2_pre1
    proftpd_project proftpd 1.2_pre2
    proftpd_project proftpd 1.2_pre3
    proftpd_project proftpd 1.2_pre4
    proftpd_project proftpd 1.2_pre5
    proftpd_project proftpd 1.2_pre6
    proftpd_project proftpd 1.2_pre7
    proftpd_project proftpd 1.2_pre8
    proftpd_project proftpd 1.2_pre9
    proftpd_project proftpd 1.2_pre10
    proftpd_project proftpd 1.2_pre11
    proftpd proftpd 1.2.2 rc1
    proftpd proftpd 1.2.2
    proftpd proftpd 1.2.1
    proftpd proftpd 1.2.0 rc3
    proftpd proftpd 1.2.2 rc2
    conectiva linux 6.0
    conectiva linux 5.0
    conectiva linux prg_graficos
    conectiva linux ecommerce
    conectiva linux 5.1
    conectiva linux 7.0