VULHUB ™

ProFTPD is a popular FTP server that ships with numerous Unix and Linux variants. ProFTPD contains a vulnerability which may allow for remote attackers to bypass ProFTPD access control lists or have false information logged. ProFTPD does not forward resolve reverse-resolved hostnames to verify that the IP address matches of the client matches DNS records. It may be possible for a remote attacker with control over address space to set an arbitrary hostname as the PTR record for the attacking address. This false hostname will be evaluated against the ProFTPD ACLs and recorded in log files.

ProFTPD is a popular FTP server that ships with numerous Unix and Linux variants. ProFTPD contains a vulnerability which may allow for remote attackers to bypass ProFTPD access control lists or have false information logged. ProFTPD does not forward resolve reverse-resolved hostnames to verify that the IP address matches of the client matches DNS records. It may be possible for a remote attacker with control over address space to set an arbitrary hostname as the PTR record for the attacking address. This false hostname will be evaluated against the ProFTPD ACLs and recorded in log files.