Package: proftpd
Version: 1.3.0-19
Severity: critical

proftpd allows disabled users to successfully log in and access files accessible
by that user
(i.e. all database files)

Log snippet:
Feb 20 11:07:36 Beacon proftpd[16362]: LOGHOST 
(::ffff:83.170.124.152[::ffff:83.170.124.152]) - USER mysql (Login failed): 
Incorrect password.
Feb 20 11:07:36 Beacon proftpd[16362]: LOGHOST 
(::ffff:83.170.124.152[::ffff:83.170.124.152]) - USER mysql: Login successful.
Feb 20 11:07:37 Beacon proftpd[16362]: LOGHOST 
(::ffff:83.170.124.152[::ffff:83.170.124.152]) - Preparing to chroot to 
directory '/var/lib/mysql'
Feb 20 11:07:37 Beacon proftpd[16362]: LOGHOST 
(::ffff:83.170.124.152[::ffff:83.170.124.152]) - FTP session closed.

Passwd snippet:
mysql:x:100:102:MySQL Server,,,:/var/lib/mysql:/bin/false

Shadow snippet:
mysql:!:12369:0:99999:7:::
mysql:!!:11809:0:99999:7:::

proftpd is using the SQL feature with MySQL:
proftpd.conf snippet:
AuthOrder mod_sql.c mod_auth_unix.c

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.20.7Phantasia
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages proftpd depends on:
ii  adduser                3.102             Add and remove users and groups
ii  debconf                1.5.11etch1       Debian configuration management sy
ii  debianutils            2.17              Miscellaneous utilities specific t
ii  libacl1                2.2.41-1          Access control list shared library
ii  libattr1               2.4.32-1          Extended attribute shared library
ii  libc6                  2.3.6.ds1-13etch4 GNU C Library: Shared libraries
ii  libldap2               2.1.30-13.3       OpenLDAP libraries
ii  libmysqlclient15off    5.0.51-0.dotdeb.1 MySQL database client library
ii  libncurses5            5.5-5             Shared libraries for terminal hand
ii  libpam-runtime         0.79-5            Runtime support for the PAM librar
ii  libpam0g               0.79-5            Pluggable Authentication Modules l
ii  libpq4                 8.1.11-0etch1     PostgreSQL C client library
ii  libssl0.9.8            0.9.8c-4etch1     SSL shared libraries
ii  libwrap0               7.6.dbs-13        Wietse Venema's TCP wrappers libra
ii  netbase                4.29              Basic TCP/IP networking system
ii  perl                   5.8.8-7etch1      Larry Wall's Practical Extraction 
ii  ucf                    2.0020            Update Configuration File: preserv
ii  zlib1g                 1:1.2.3-13        compression library - runtime

proftpd recommends no packages.

-- debconf information:
* shared/proftpd/warning:
* shared/proftpd/inetd_or_standalone: standalone
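The report above shows a system account that is locked in /etc/shadow (password field "!") still completing an FTP login because mod_sql is consulted before mod_auth_unix. The following added example (not part of the bug report or of proftpd) is a defender-side check that cross-references proftpd's log against a shadow file and flags successful logins by locked accounts; the shadow lines, log lines and the client address 192.0.2.10 are constructed sample data, and the function names are my own.

```python
import re

# Constructed sample shadow file: mysql is locked ("!"), the others carry hashes.
SHADOW = """root:$6$saltsalt$hashhash:12369:0:99999:7:::
mysql:!:12369:0:99999:7:::
ftpuser:$1$abc$def:12369:0:99999:7:::
"""

# Constructed sample proftpd log, modelled on the lines in the report.
PROFTPD_LOG = """Feb 20 11:07:36 Beacon proftpd[16362]: LOGHOST (::ffff:83.170.124.152[::ffff:83.170.124.152]) - USER mysql (Login failed): Incorrect password.
Feb 20 11:07:36 Beacon proftpd[16362]: LOGHOST (::ffff:83.170.124.152[::ffff:83.170.124.152]) - USER mysql: Login successful.
Feb 20 11:08:02 Beacon proftpd[16370]: LOGHOST (::ffff:192.0.2.10[::ffff:192.0.2.10]) - USER ftpuser: Login successful.
"""

# Matches "proftpd[PID]: HOST (CLIENT[...]) - USER NAME: Login successful."
LOGIN_OK = re.compile(
    r"proftpd\[(\d+)\]: \S+ \((\S+?)\[.*?\]\) - USER (\S+): Login successful\."
)


def locked_accounts(shadow_text):
    """Return the set of users whose shadow password field is locked.

    A field beginning with '!' or '*' can never match a password hash, so
    mod_auth_unix would refuse the login; any other backend may not check it.
    """
    locked = set()
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[1].startswith(("!", "*")):
            locked.add(fields[0])
    return locked


def successful_logins(log_text):
    """Extract (pid, client, user) for every 'Login successful' log line."""
    events = []
    for line in log_text.splitlines():
        m = LOGIN_OK.search(line)
        if m:
            events.append({"pid": int(m.group(1)), "client": m.group(2), "user": m.group(3)})
    return events


def find_locked_logins(shadow_text, log_text):
    """Successful FTP logins by accounts that are locked in the shadow file."""
    locked = locked_accounts(shadow_text)
    return [e for e in successful_logins(log_text) if e["user"] in locked]


if __name__ == "__main__":
    for e in find_locked_logins(SHADOW, PROFTPD_LOG):
        print("locked account %s logged in from %s (pid %d)" % (e["user"], e["client"], e["pid"]))
```

Point the two functions at the real /etc/shadow and proftpd log to run the check on a host; any hit means a backend listed earlier in AuthOrder is accepting credentials that the Unix password database has disabled.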