1557 matches found

OSV
added 2019/05/01 12:0 a.m. | 7 views

DLA-1753-2 proftpd-dfsg - regression update

Bulletin has no description...

AI score: 7.2
Exploits: 0

Debian
added 2019/04/09 12:33 a.m. | 97 views

[SECURITY] [DLA 1753-1] proftpd-dfsg security update

Package : proftpd-dfsg
Version : 1.3.5e-0+deb8u1
CVE ID : not-available
Debian Bug : 923926

Several memory leaks were discovered in proftpd-dfsg, a versatile, virtual-hosting FTP daemon, when mod_facl or mod_sftp is used which could lead to memory exhaustion and a denial-of-service. For Debian 8...

AI score: 6.8
Exploits: 0

Tenable Nessus
added 2019/04/09 12:0 a.m. | 12 views

Debian DLA-1753-3 : proftpd-dfsg regression update

The update of proftpd-dfsg issued as DLA-1753-1 caused a regression when the creation of a directory failed during sftp transfer. The sftp session would be terminated instead of failing gracefully due to a non-existing debug logging function. For Debian 8 'Jessie', this problem has been fixed in...

AI score: 5.4
Exploits: 0 | References: 2

OpenVAS
added 2019/04/09 12:0 a.m. | 30 views

Debian: Security Advisory (DLA-1753-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

AI score: 7.5
Exploits: 0 | References: 3

OSV
added 2019/04/09 12:0 a.m. | 9 views

DLA-1753-1 proftpd-dfsg - security update

Bulletin has no description...

AI score: 7.2
Exploits: 0

Tenable Nessus
added 2018/02/12 12:0 a.m. | 32 views

ProFTPD < 1.3.2rc3 ABOR Denial of Service

The remote host is using ProFTPD, a free FTP server for Unix and Linux. According to its banner, the version of ProFTPD installed on the remote host is earlier than 1.3.2rc3 and is affected by a Denial of Service vulnerability via an ABOR command during a data transfer. (C) Tenable Network Security...

CVSS: 4 | AI score: 5.6 | EPSS: 0.00326
Exploits: 0 | References: 3

Tenable Nessus
added 2018/02/12 12:0 a.m. | 43 views

ProFTPD < 1.3.4rc2 client-hostname restriction bypass

The remote host is using ProFTPD, a free FTP server for Unix and Linux. According to its banner, the version of ProFTPD installed on the remote host is earlier than 1.3.4rc2 and is affected by a Denial of Service vulnerability in the mod_sftp module. (C) Tenable Network Security, Inc...

CVSS: 5 | AI score: 7.2 | EPSS: 0.03451
Exploits: 1 | References: 2

Tenable Nessus
added 2018/02/12 12:0 a.m. | 607 views

ProFTPD 1.3.1 SQL injection protection bypass

The remote host is using ProFTPD, a free FTP server for Unix and Linux. According to its banner, the version of ProFTPD installed on the remote host is 1.3.1x and may be affected by SQL injection protection bypass when NLS support is enabled. (C) Tenable Network Security, Inc. include('compat.inc'); ...

CVSS: 6.8 | AI score: 7.4 | EPSS: 0.00497
Exploits: 0 | References: 2

Tenable Nessus
added 2018/02/12 12:0 a.m. | 40 views

ProFTPD < 1.3.2b / 1.3.3x < 1.3.3rc2 client-hostname restriction bypass

The remote host is using ProFTPD, a free FTP server for Unix and Linux. According to its banner, the version of ProFTPD installed on the remote host is 1.3.2x prior to 1.3.2b or 1.3.3x prior to 1.3.3rc2 and is affected by a mitigation bypass vulnerability when the dNSNameRequired TLS option is...

CVSS: 5.8 | AI score: 6.7 | EPSS: 0.01436
Exploits: 1 | References: 2

Tenable Nessus
added 2018/02/12 12:0 a.m. | 73 views

ProFTPD < 1.3.5e / 1.3.6x < 1.3.6rc5 AllowChrootSymlinks bypass

The remote host is using ProFTPD, a free FTP server for Unix and Linux. According to its banner, the version of ProFTPD installed on the remote host is prior to 1.3.5e or 1.3.6x prior to 1.3.6rc5 and is affected by an issue where an attacker who is not granted full filesystem access may reconfigu...

CVSS: 5.5 | AI score: 6.1 | EPSS: 0.00039
Exploits: 0 | References: 2

Tenable Nessus
added 2018/02/12 12:0 a.m. | 37 views

ProFTPD < 1.3.5b / 1.3.6x < 1.3.6rc2 weak Diffie-Hellman key

The remote host is using ProFTPD, a free FTP server for Unix and Linux. According to its banner, the version of ProFTPD installed on the remote host is prior to 1.3.5b or 1.3.6x prior to 1.3.6rc2 and is affected by an issue in the mod_tls module, which might cause a weaker than intended...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.01371
Exploits: 0 | References: 2

Tenable Nessus
added 2018/02/12 12:0 a.m. | 198 views

ProFTPD 1.3.4d / 1.3.5rc3 Denial of Service

The remote host is using ProFTPD, a free FTP server for Unix and Linux. According to its banner, the version of ProFTPD installed on the remote host is earlier than 1.3.5rc4 and is affected by a Denial of Service vulnerability in the mod_sftp_pam module. (C) Tenable Network Security, Inc...

CVSS: 5 | AI score: 7.2 | EPSS: 0.01402
Exploits: 2 | References: 2

ALT Linux
added 2018/01/02 12:0 a.m. | 30 views

Security fix for the ALT Linux 8 package proftpd version 1.3.5-alt4.rel.e

Jan. 2, 2018 Konstantin Lepikhov 1.3.5-alt4.rel.e
- 1.3.5e release:
  + Backported fix for "AllowChrootSymlinks off" checking each component for symlinks (CVE-2017-7418).
- minor .spec cleanup...

CVSS: 2.1 | AI score: 7.7 | EPSS: 0.00039
Exploits: 0

Tenable Nessus
added 2017/07/28 12:0 a.m. | 35 views

FreeBSD : proftpd -- user chroot escape vulnerability (770d7e91-72af-11e7-998a-08606e47f965)

NVD reports : ProFTPD ... controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks...

CVSS: 5.5 | AI score: 6 | EPSS: 0.00039
Exploits: 0 | References: 3

Tenable Nessus
added 2017/07/17 12:0 a.m. | 29 views

Fedora 26 : proftpd (2017-5a01498b4b)

Current upstream maintenance release for the 1.3.5 series. Includes fix for CVE-2017-7418, where not all path elements were checked for symlinks when using a chroot, so attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component other than the last one...

CVSS: 5.5 | AI score: 6 | EPSS: 0.00039
Exploits: 0 | References: 2

VulnCheck KEV
added 2017/06/20 12:0 a.m. | 1 views

VulnCheck KEV: CVE-2011-4130

Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer...

CVSS: 9 | AI score: 7.5 | EPSS: 0.01286
Exploits: 4 | References: 1

OSV
added 2017/04/24 7:27 a.m. | 6 views

MGASA-2017-0115 Updated proftpd packages fix security vulnerability

ProFTPD before 1.3.5e controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks...

CVSS: 5.5 | AI score: 5.4 | EPSS: 0.00039
Exploits: 0 | References: 3

Mageia
added 2017/04/24 7:27 a.m. | 41 views

Updated proftpd packages fix security vulnerability

ProFTPD before 1.3.5e controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks...

CVSS: 5.5 | AI score: 1.7 | EPSS: 0.00039
Exploits: 0 | References: 2

Tenable Nessus
added 2017/04/24 12:0 a.m. | 38 views

Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : proftpd (SSA:2017-112-03)

New proftpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2017-112-03. The...

CVSS: 5.5 | AI score: 6 | EPSS: 0.00039
Exploits: 0 | References: 2

Slackware Linux
added 2017/04/22 4:42 p.m. | 39 views

[slackware-security] proftpd

New proftpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/proftpd-1.3.5e-i586-1slack14.2.txz: Upgraded. This release fixes a security issue: AllowChrootSymlink...

CVSS: 5.5 | AI score: 6.1 | EPSS: 0.00039
Exploits: 0