
1556 matches found

Cvelist
added 2019/11/26 3:34 a.m. · 22 views

CVE-2019-19270

An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow clients whose certificate...

8 AI score · 0.00198 EPSS
Exploits 0 · References 4

CVE
added 2019/11/26 3:34 a.m. · 585 views

CVE-2019-19270

ProFTPD TLS CRL check flaw: tls_verify_crl in ProFTPD up to 1.3.6b does not properly verify CRL entry fields, potentially allowing revoked certificates to connect. OpenSUSE/Fedora advisories fix CVE-2019-19270 by updating ProFTPD to 1.3.6b (and later) and related patches in 1.3.6/1.3.6a/b. Applie...

7.5 CVSS · 7.9 AI score · 0.00198 EPSS
Exploits 0 · References 4 · Affected Software 1

Debian CVE
added 2019/11/26 3:34 a.m. · 33 views

CVE-2019-19270

An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow clients whose certificate...

7.5 CVSS · 5.8 AI score · 0.00198 EPSS
Exploits 0

Cvelist
added 2019/11/26 3:33 a.m. · 24 views

CVE-2019-19271

An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries installed by a system administrator, can cause some CRL entries to be ignored, and can allow clients whose certificates have been revoked to...

7.7 AI score · 0.0066 EPSS
Exploits 0 · References 1

Debian CVE
added 2019/11/26 3:33 a.m. · 35 views

CVE-2019-19271

An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries installed by a system administrator, can cause some CRL entries to be ignored, and can allow clients whose certificates have been revoked to...

7.5 CVSS · 6.5 AI score · 0.0066 EPSS
Exploits 0

CVE
added 2019/11/26 3:33 a.m. · 928 views

CVE-2019-19271

CVE-2019-19271 affects ProFTPD, where the tls_verify_crl check in versions before 1.3.6 uses a wrong iteration variable when comparing a client certificate against CRL entries. This can cause certain CRL entries to be ignored, potentially allowing clients with revoked certificates to establish a ...

7.5 CVSS · 7.5 AI score · 0.0066 EPSS
Exploits 0 · References 1 · Affected Software 1

CVE
added 2019/11/26 3:33 a.m. · 1376 views

CVE-2019-19272

CVE-2019-19272 affects ProFTPD before 1.3.6. The issue is a NULL pointer dereference in tls_verify_crl during TLS mutual-auth validation, causing a crash (availability impact). The root cause is direct dereference of a NULL pointer in certificate validation. Affected versions are ProFTPD prior to...

7.5 CVSS · 7.5 AI score · 0.00255 EPSS
Exploits 0 · References 1 · Affected Software 1

Debian CVE
added 2019/11/26 3:33 a.m. · 34 views

CVE-2019-19272

An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Direct dereference of a NULL pointer (a variable initialized to NULL) leads to a crash when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup...

7.5 CVSS · 6.4 AI score · 0.00255 EPSS
Exploits 0

Positive Technologies
added 2019/11/26 12:0 a.m. · 4 views

PT-2019-15797 · Openssl +3

Name of the Vulnerable Software and Affected Versions: ProFTPD versions through 1.3.6b
Description: An issue was discovered in the tls_verify_crl function. A dereference of a NULL pointer may occur when the OpenSSL sk_X509_REVOKED_value function encounters an empty CRL installed by a system...

10 CVSS · 5.7 AI score · 0.76465 EPSS
Exploits 27 · References 68

Positive Technologies
added 2019/11/25 12:0 a.m. · 3 views

PT-2019-15798 · Proftpd +2

Name of the Vulnerable Software and Affected Versions: ProFTPD versions prior to 1.3.7
Description: An issue was discovered in the tls_verify_crl function, which prevents some valid Certificate Revocation Lists (CRLs) from being taken into account. This can allow clients whose certificates have bee...

9.8 CVSS · 6 AI score · 0.76465 EPSS
Exploits 23 · References 53

OSV
added 2019/11/07 11:36 p.m. · 5 views

MGASA-2019-0314 Updated proftpd packages fix security vulnerabilities

Updated proftpd package fixes security vulnerabilities: It was discovered that the mod_copy module of ProFTPD, a FTP/SFTP/FTPS server, performed incomplete permission validation for the CPFR/CPTO commands (CVE-2019-12815). It was discovered that due to incorrect handling of overly long commands, a...

9.8 CVSS · 7.6 AI score · 0.76465 EPSS
Exploits 20 · References 2

Mageia
added 2019/11/07 11:36 p.m. · 59 views

Updated proftpd packages fix security vulnerabilities

Updated proftpd package fixes security vulnerabilities: It was discovered that the mod_copy module of ProFTPD, a FTP/SFTP/FTPS server, performed incomplete permission validation for the CPFR/CPTO commands (CVE-2019-12815). It was discovered that due to incorrect handling of overly long commands, a...

9.8 CVSS · 2.1 AI score · 0.76465 EPSS
Exploits 20 · References 1

OpenVAS
added 2019/11/07 12:0 a.m. · 93 views

Debian: Security Advisory (DSA-4559-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 8.2 AI score · 0.03313 EPSS
Exploits 1 · References 4

Tenable Nessus
added 2019/11/06 12:0 a.m. · 35 views

Debian DSA-4559-1 : proftpd-dfsg - security update

Stephan Zeisberg discovered that missing input validation in ProFTPD, a FTP/SFTP/FTPS server, could result in denial of service via an infinite loop. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4559. The...

7.5 CVSS · 6 AI score · 0.03313 EPSS
Exploits 1 · References 6

Debian
added 2019/11/05 10:53 p.m. · 74 views

[SECURITY] [DSA 4559-1] proftpd-dfsg security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4559-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 05, 2019 https://www.debian.org/security/faq -...

7.5 CVSS · 7.6 AI score · 0.03313 EPSS
Exploits 1

OSV
added 2019/11/05 12:0 a.m. · 33 views

DSA-4559-1 proftpd-dfsg - security update

Bulletin has no description...

7.5 CVSS · 7.6 AI score · 0.03313 EPSS
Exploits 1

OpenVAS
added 2019/10/30 12:0 a.m. · 26 views

Fedora Update for proftpd FEDORA-2019-7559f29ace

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8 AI score
Exploits 0 · References 2

OpenVAS
added 2019/10/30 12:0 a.m. · 27 views

Fedora Update for proftpd FEDORA-2019-ae019c7e9f

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8 CVSS · 8.8 AI score · 0.76465 EPSS
Exploits 20 · References 2

Fedora
added 2019/10/29 1:8 a.m. · 24 views

[SECURITY] Fedora 30 Update: proftpd-1.3.6b-1.fc30

ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...

9.8 CVSS · 0.8 AI score · 0.76465 EPSS
Exploits 21

Tenable Nessus
added 2019/10/29 12:0 a.m. · 32 views

Fedora 30 : proftpd (2019-7559f29ace)

This is a cumulative bug-fix update from upstream, including a fix for a pre-authentication remote denial of service issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean...

7.5 CVSS · 6.1 AI score · 0.03313 EPSS
Exploits 1 · References 2