Vulnerability Description
ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command.
CVSS Score
4.6
MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Proftpd Project | Proftpd | 1.2 |
References
- http://www.securityfocus.com/archive/1/35483PatchVendor Advisory
- http://www.securityfocus.com/bid/812PatchVendor Advisory
- http://www.securityfocus.com/archive/1/35483PatchVendor Advisory
- http://www.securityfocus.com/bid/812PatchVendor Advisory
FAQ
What is CVE-1999-1475?
CVE-1999-1475 is a vulnerability with a CVSS score of 4.6 (MEDIUM). ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last comm...
How severe is CVE-1999-1475?
CVE-1999-1475 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-1999-1475?
Check the references section above for vendor advisories and patch information. Affected products include: Proftpd Project Proftpd.