
1557 matches found

Tenable Nessus
added 2017/04/20 12:0 a.m., 41 views

Fedora 25 : proftpd (2017-c6f424c3ff)

Current upstream maintenance release for the 1.3.5 series. Includes fix for CVE-2017-7418, where not all path elements were checked for symlinks when using a chroot, so attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component other than the last one...

CVSS 5.5, AI score 6, EPSS 0.00039
Exploits: 0, References: 2

OpenVAS
added 2017/04/20 12:0 a.m., 36 views

Fedora Update for proftpd FEDORA-2017-c6f424c3ff

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.5, AI score 5.9, EPSS 0.00039
Exploits: 0, References: 2

Fedora
added 2017/04/19 9:32 a.m., 36 views

[SECURITY] Fedora 25 Update: proftpd-1.3.5e-1.fc25

ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...

CVSS 5.5, AI score 0.8, EPSS 0.00039
Exploits: 0

Tenable Nessus
added 2017/04/19 12:0 a.m., 24 views

Fedora 24 : proftpd (2017-e15e37b689)

Current upstream maintenance release for the 1.3.5 series. Includes fix for CVE-2017-7418, where not all path elements were checked for symlinks when using a chroot, so attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component other than the last one...

CVSS 5.5, AI score 6, EPSS 0.00039
Exploits: 0, References: 2

OpenVAS
added 2017/04/19 12:0 a.m., 24 views

Fedora Update for proftpd FEDORA-2017-e15e37b689

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.5, AI score 5.9, EPSS 0.00039
Exploits: 0, References: 2

Fedora
added 2017/04/14 5:23 p.m., 40 views

[SECURITY] Fedora 26 Update: proftpd-1.3.5e-1.fc26

ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...

CVSS 5.5, AI score 0.8, EPSS 0.00039
Exploits: 0

CNVD
added 2017/04/06 12:0 a.m., 2 views

ProFTPD Local Security Bypass Vulnerability

ProFTPD is an FTP server program for Unix or Unix-like platforms such as Linux, FreeBSD, etc. A local security bypass vulnerability exists in ProFTPD version 1.3.6 before 1.3.5e and 1.3.6 before 1.3.6rc5, which allows a local attacker to bypass the AllowChrootSymlinks control by replacing one of...

CVSS 5.5, AI score 5.5, EPSS 0.00039
Exploits: 0, References: 1

OpenVAS
added 2017/04/06 12:0 a.m., 109 views

ProFTPD < 1.3.5e, 1.3.6 < 1.3.6rc5 Local Security Bypass Vulnerability

ProFTPD server is prone to local security bypass vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:proftpd:proftpd";...

CVSS 5.5, AI score 5.5, EPSS 0.00039
Exploits: 0, References: 5

Prion
added 2017/04/04 5:59 p.m., 46 views

Design/Logic Flaw

ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass th...

CVSS 2.1, AI score 5.2, EPSS 0.00039
Exploits: 0, References: 8, Affected Software: 1

UbuntuCve
added 2017/04/04 5:59 p.m., 26 views

CVE-2017-7418

ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass th...

CVSS 5.5, AI score 6.4, EPSS 0.00039
Exploits: 0, References: 4

NVD
added 2017/04/04 5:59 p.m., 17 views

CVE-2017-7418

ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass th...

CVSS 5.5, AI score 5.3, EPSS 0.00039
Exploits: 0, References: 8

OSV
added 2017/04/04 5:59 p.m., 30 views

CVE-2017-7418

ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass th...

CVSS 5.5, AI score 6.5
Exploits: 0, References: 8

OSV
added 2017/04/04 5:59 p.m., 1 views

DEBIAN-CVE-2017-7418

ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass th...

CVSS 5.5, AI score 5.4, EPSS 0.00039
Exploits: 0, References: 1

OSV
added 2017/04/04 5:59 p.m., 0 views

UBUNTU-CVE-2017-7418

ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass th...

CVSS 5.5, AI score 6.4, EPSS 0.00039
Exploits: 0, References: 5

Cvelist
added 2017/04/04 5:0 p.m., 28 views

CVE-2017-7418

ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass th...

AI score 5.6, EPSS 0.00039
Exploits: 0, References: 8

CVE
added 2017/04/04 5:0 p.m., 650 views

CVE-2017-7418

ProFTPD vulnerable: versions 1.3.5e and 1.3.6 before 1.3.6rc5 improperly enforce AllowChrootSymlinks by checking only the last path component, allowing local attackers to bypass symlink restrictions when reconfiguring a user’s home directory. The issue is fixed in later releases (notably upstream...

CVSS 5.5, AI score 5.5, EPSS 0.00039
Exploits: 0, References: 8, Affected Software: 1

Debian CVE
added 2017/04/04 5:0 p.m., 22 views

CVE-2017-7418

ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass th...

CVSS 5.5, AI score 5.4, EPSS 0.00039
Exploits: 0

Positive Technologies
added 2017/04/04 12:0 a.m., 3 views

PT-2017-17724 · Proftpd +2

Name of the Vulnerable Software and Affected Versions: ProFTPD versions prior to 1.3.5e ProFTPD versions 1.3.6 prior to 1.3.6rc5 Description: The issue allows attackers with local access to bypass the AllowChrootSymlinks control by replacing a path component other than the last one with a symboli...

CVSS 10, AI score 5.8, EPSS 0.76465
Exploits: 27, References: 70

FreeBSD
added 2017/03/06 12:0 a.m., 47 views

proftpd -- user chroot escape vulnerability

NVD reports: ProFTPD ... controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks...

CVSS 5.5, AI score 1.2, EPSS 0.00039
Exploits: 0, References: 1

GithubExploit
added 2017/01/08 2:19 p.m., 79 views

Exploit for Improper Access Control in Proftpd

ProFTPd 1.3.5 - modcopy Remote Command Execution ProFTPD i...

CVSS 10, AI score 8.3, EPSS 0.93835
Exploits: 21