SUSE CVE-2017-7418

ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass th...

ProFTPD Local Security Bypass Vulnerability

ProFTPD is an FTP server program for Unix or Unix-like platforms such as Linux, FreeBSD, etc.. A local security bypass vulnerability exists in ProFTPD version 1.3.6 before 1.3.5e and 1.3.6 before 1.3.6rc5, which allows a local attacker to bypass the AllowChrootSymlinks control by replacing one of...

UBUNTU-CVE-2017-7418

ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass th...

PT-2017-17724 · Proftpd +2 · Proftpd +2

Name of the Vulnerable Software and Affected Versions: ProFTPD versions prior to 1.3.5e ProFTPD versions 1.3.6 prior to 1.3.6rc5 Description: The issue allows attackers with local access to bypass the AllowChrootSymlinks control by replacing a path component other than the last one with a symboli...