ProFTPD Local Security Bypass Vulnerability

ProFTPD is an FTP server program for Unix or Unix-like platforms such as Linux, FreeBSD, etc.. A local security bypass vulnerability exists in ProFTPD version 1.3.6 before 1.3.5e and 1.3.6 before 1.3.6rc5, which allows a local attacker to bypass the AllowChrootSymlinks control by replacing one of...

PT-2017-17724 · Proftpd +2 · Proftpd +2

Name of the Vulnerable Software and Affected Versions: ProFTPD versions prior to 1.3.5e ProFTPD versions 1.3.6 prior to 1.3.6rc5 Description: The issue allows attackers with local access to bypass the AllowChrootSymlinks control by replacing a path component other than the last one with a symboli...