• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

ProFTPD CIDR Access Control Rule Bypass Vulnerability

ProFTPD has been reported prone to an access control rule bypass vulnerability. The issue was reportedly introduced when a "portability workaround" was applied to ProFTPD version 1.2.9.

This vulnerability may lead a system administrator into a false sense of security, where it is believed that access to the ProFTPD server is restricted by access control rules. In reality the access control restriction will not be enforced at all.