ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions.
| Software | From | Fixed in |
|---|---|---|
| proftpd_project / proftpd | 1.2.9 | 1.2.9.x |
| trustix / secure_linux | 2.0 | 2.0.x |
| gentoo / linux | 1.4-rc1 | 1.4-rc1.x |
| gentoo / linux | 1.4-rc3 | 1.4-rc3.x |
| gentoo / linux | 0.5 | 0.5.x |
| gentoo / linux | 1.1a | 1.1a.x |
| gentoo / linux | 1.4 | 1.4.x |
| gentoo / linux | 0.7 | 0.7.x |
| gentoo / linux | 1.2 | 1.2.x |
| trustix / secure_linux | 2.1 | 2.1.x |
| gentoo / linux | 1.4-rc2 | 1.4-rc2.x |