Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2017 Greenbone AGOPENVAS:1361412562310108045
HistoryJan 18, 2017 - 12:00 a.m.

vsftpd < 3.0.3 Security Bypass Vulnerability

2017-01-1800:00:00
Copyright (C) 2017 Greenbone AG
plugins.openvas.org
26057

6.4 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.0%

JSON

vsftpd is prone to a security-bypass vulnerability.

# SPDX-FileCopyrightText: 2017 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:beasts:vsftpd";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.108045");
  script_cve_id("CVE-2015-1419");
  script_version("2024-03-01T14:37:10+0000");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_tag(name:"last_modification", value:"2024-03-01 14:37:10 +0000 (Fri, 01 Mar 2024)");
  script_tag(name:"creation_date", value:"2017-01-18 10:23:55 +0100 (Wed, 18 Jan 2017)");
  script_name("vsftpd < 3.0.3 Security Bypass Vulnerability");
  script_category(ACT_GATHER_INFO);
  script_family("FTP");
  script_copyright("Copyright (C) 2017 Greenbone AG");
  script_dependencies("sw_vsftpd_detect.nasl");
  script_mandatory_keys("vsftpd/installed");

  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/72451");
  script_xref(name:"URL", value:"https://security.appspot.com/vsftpd/Changelog.txt");

  script_tag(name:"summary", value:"vsftpd is prone to a security-bypass vulnerability.");

  script_tag(name:"impact", value:"An attacker can exploit this issue to bypass certain
  security restrictions and perform unauthorized actions. This may aid in further attacks.");

  script_tag(name:"affected", value:"vsftpd versions 3.0.2 and below are vulnerable.");

  script_tag(name:"solution", value:"A fixed version 3.0.3 is available. Please see the references for more information.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"remote_banner_unreliable");

  exit(0);
}

include("version_func.inc");
include("host_details.inc");

if( ! port = get_app_port( cpe:CPE ) )
  exit( 0 );

if( ! vers = get_app_version( cpe:CPE, port:port ) )
  exit( 0 );

if( version_is_less( version:vers, test_version:"3.0.2" ) ) {
  report = report_fixed_ver( installed_version:vers, fixed_version:"3.0.3" );
  security_message( port:port, data:report );
  exit( 0 );
}

exit( 99 );

Related

cvelist 1
nessus 2
debiancve 1
openvas 3
prion 1
mageia 1
cve 1
ubuntucve 1
cvelist
cvelist
CVE-2015-1419
2015-01-28 11:00:00
nessus
nessus
openSUSE Security Update : vsftpd (openSUSE-2015-197)
2015-03-05 00:00:00
SuSE 11.3 Security Update : vsftpd (SAT Patch Number 10372)
2015-03-05 00:00:00
debiancve
debiancve
CVE-2015-1419
2015-01-28 11:59:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2015:0417-1)
2021-06-09 00:00:00
Mageia: Security Advisory (MGASA-2015-0103)
2022-01-28 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:0516-1)
2021-04-19 00:00:00
prion
prion
Design/Logic Flaw
2015-01-28 11:59:00
mageia
mageia
Updated vsftpd package fixes security vulnerability
2015-03-10 19:48:25
cve
cve
CVE-2015-1419
2015-01-28 11:59:00
ubuntucve
ubuntucve
CVE-2015-1419
2015-01-28 00:00:00

6.4 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.0%

JSON
Related for OPENVAS:1361412562310108045
cvelist1nessus2debiancve1openvas3prion1mageia1cve1ubuntucve1