Vulnerability Name:

CVE-2005-2390 (CCN-21528)

Assigned:2005-07-26
Published:2005-07-26
Updated:2016-10-18
Summary:Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via (1) certain inputs to the shutdown message from ftpshut, or (2) the SQLShowInfo mod_sql directive.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2005-2390

Source: OPENPKG
Type: UNKNOWN
OpenPKG-SA-2005.020

Source: CCN
Type: SA16181
ProFTPD Two Format String Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
16181

Source: DEBIAN
Type: UNKNOWN
DSA-795

Source: CCN
Type: ProFTPD Web page
ProFTPD

Source: CCN
Type: ProFTPD Web site
1.3.0 Release Notes

Source: CONFIRM
Type: UNKNOWN
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.0rc2

Source: BID
Type: UNKNOWN
14380

Source: CCN
Type: BID-14380
ProFTPD SQLShowInfo SQL Output Format String Vulnerability

Source: BID
Type: UNKNOWN
14381

Source: CCN
Type: BID-14381
ProFTPD Shutdown Message Format String Vulnerability

Source: XF
Type: UNKNOWN
proftpd-shutdown-format-string(21528)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:proftpd_project:proftpd:1.2.0_pre9:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.0_pre10:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.0_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.0_rc2:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.0_rc3:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.1_final:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.2_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.2_rc2:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.2_rc3:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.5_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.5_rc2:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.5_rc3:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.6_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.6_rc2:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.6_rc3:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.7_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.7_rc2:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.7_rc3:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.8_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.8_rc2:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.9_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.9_rc2:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.9_rc3:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.10:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.10_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.10_rc2:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.10_rc3:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.3.0_rc1:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:proftpd:proftpd:1.2.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.2:rc3:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.8:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.8:rc2:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.9:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.10:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.3.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.9:rc3:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.9:rc2:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.7:rc3:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.7:rc2:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.7:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.5:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.2:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.10:rc3:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.10:rc2:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.10:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.6_rc3:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.6:rc2:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.6:rc1:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.5:rc3:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.5:rc2:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.2:rc2:*:*:*:*:*:*
  • OR cpe:/a:proftpd_project:proftpd:1.2.1_final:*:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.0:pre10:*:*:*:*:*:*
  • OR cpe:/a:proftpd:proftpd:1.2.0:pre9:*:*:*:*:*:*
  • AND
  • cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2005-2390 (CCN-21530)

    Assigned:2005-07-26
    Published:2005-07-26
    Updated:2016-10-18
    Summary:Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via (1) certain inputs to the shutdown message from ftpshut, or (2) the SQLShowInfo mod_sql directive.
    CVSS v3 Severity:6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): None
    Availibility (A): Low
    CVSS v2 Severity:6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): None
    Availibility (A): Partial
    6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): None
    Availibility (A): Partial
    Vulnerability Type:CWE-Other
    Vulnerability Consequences:Gain Access
    References:Source: MITRE
    Type: CNA
    CVE-2005-2390

    Source: CCN
    Type: SA16181
    ProFTPD Two Format String Vulnerabilities

    Source: DEBIAN
    Type: DSA-795
    proftpd -- potential code execution

    Source: CCN
    Type: GLSA-200508-02
    ProFTPD: Format string vulnerabilities

    Source: CCN
    Type: OpenPKG-SA-2005.020
    ProFPTD

    Source: CCN
    Type: ProFTPD Web page
    ProFTPD

    Source: CCN
    Type: ProFTPD Web site
    1.3.0 Release Notes

    Source: CCN
    Type: BID-14380
    ProFTPD SQLShowInfo SQL Output Format String Vulnerability

    Source: CCN
    Type: BID-14381
    ProFTPD Shutdown Message Format String Vulnerability

    Source: CCN
    Type: TLSA-2005-82
    Format String Vulnerability

    Source: XF
    Type: UNKNOWN
    proftpd-modsql-format-string(21530)

    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.debian:def:795
    V
    		potential code execution
    2013-01-21
    BACK
    proftpd_project proftpd 1.2.0_pre9
    proftpd_project proftpd 1.2.0_pre10
    proftpd_project proftpd 1.2.0_rc1
    proftpd_project proftpd 1.2.0_rc2
    proftpd_project proftpd 1.2.0_rc3
    proftpd_project proftpd 1.2.1
    proftpd_project proftpd 1.2.1_final
    proftpd_project proftpd 1.2.2
    proftpd_project proftpd 1.2.2_rc1
    proftpd_project proftpd 1.2.2_rc2
    proftpd_project proftpd 1.2.2_rc3
    proftpd_project proftpd 1.2.3
    proftpd_project proftpd 1.2.4
    proftpd_project proftpd 1.2.5
    proftpd_project proftpd 1.2.5_rc1
    proftpd_project proftpd 1.2.5_rc2
    proftpd_project proftpd 1.2.5_rc3
    proftpd_project proftpd 1.2.6
    proftpd_project proftpd 1.2.6_rc1
    proftpd_project proftpd 1.2.6_rc2
    proftpd_project proftpd 1.2.6_rc3
    proftpd_project proftpd 1.2.7
    proftpd_project proftpd 1.2.7_rc1
    proftpd_project proftpd 1.2.7_rc2
    proftpd_project proftpd 1.2.7_rc3
    proftpd_project proftpd 1.2.8
    proftpd_project proftpd 1.2.8_rc1
    proftpd_project proftpd 1.2.8_rc2
    proftpd_project proftpd 1.2.9
    proftpd_project proftpd 1.2.9_rc1
    proftpd_project proftpd 1.2.9_rc2
    proftpd_project proftpd 1.2.9_rc3
    proftpd_project proftpd 1.2.10
    proftpd_project proftpd 1.2.10_rc1
    proftpd_project proftpd 1.2.10_rc2
    proftpd_project proftpd 1.2.10_rc3
    proftpd_project proftpd 1.3.0_rc1
    proftpd proftpd 1.2.0 rc2
    proftpd proftpd 1.2.4
    proftpd proftpd 1.2.2 rc3
    proftpd proftpd 1.2.5
    proftpd proftpd 1.2.7
    proftpd proftpd 1.2.8
    proftpd proftpd 1.2.8 rc1
    proftpd proftpd 1.2.8 rc2
    proftpd proftpd 1.2.9 rc1
    proftpd proftpd 1.2.10
    proftpd proftpd 1.2.9
    proftpd proftpd 1.3.0 rc1
    proftpd proftpd 1.2.9 rc3
    proftpd proftpd 1.2.9 rc2
    proftpd proftpd 1.2.7 rc3
    proftpd proftpd 1.2.7 rc2
    proftpd proftpd 1.2.7 rc1
    proftpd proftpd 1.2.6
    proftpd proftpd 1.2.5 rc1
    proftpd proftpd 1.2.3
    proftpd proftpd 1.2.2 rc1
    proftpd proftpd 1.2.2
    proftpd proftpd 1.2.1
    proftpd proftpd 1.2.0 rc3
    proftpd proftpd 1.2.0 rc1
    proftpd proftpd 1.2.10 rc3
    proftpd proftpd 1.2.10 rc2
    proftpd proftpd 1.2.10 rc1
    proftpd_project proftpd 1.2.6_rc3
    proftpd proftpd 1.2.6 rc2
    proftpd proftpd 1.2.6 rc1
    proftpd proftpd 1.2.5 rc3
    proftpd proftpd 1.2.5 rc2
    proftpd proftpd 1.2.2 rc2
    proftpd_project proftpd 1.2.1_final
    proftpd proftpd 1.2.0 pre10
    proftpd proftpd 1.2.0 pre9
    mandrakesoft mandrake linux 10.0
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux corporate server 3.0
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux corporate server 3.0
    mandrakesoft mandrake linux 10.0