Lucene search
K

10 matches found

OpenVAS
OpenVAS
added 2020/09/08 12:0 a.m.34 views

QNAP QTS Multiple ProFTPD Vulnerabilities

QNAP QTS is prone to multiple vulnerabilities in ProFTPD and other components. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9CVSS7AI score0.19507EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.35 views

openSUSE Security Update : proftpd (openSUSE-2019-1836)

This update for proftpd fixes the following issues : Security issues fixed : - CVE-2019-12815: Fixed arbitrary file copy in modcopy that allowed for remote code execution and information disclosure without authentication bnc1142281. C Tenable Network Security, Inc. The descriptive text and packag...

9.8CVSS7.7AI score0.57606EPSS
Exploits1References3
ALT Linux
ALT Linux
added 2018/01/02 12:0 a.m.38 views

Security fix for the ALT Linux 8 package proftpd version 1.3.5-alt4.rel.e

Jan. 2, 2018 Konstantin Lepikhov 1.3.5-alt4.rel.e - 1.3.5e release: + Backported fix for "AllowChrootSymlinks off" checking each component for symlinks CVE-2017-7418. - minor .spec cleanup...

2.1CVSS7.7AI score0.00419EPSS
Exploits0
OSV
OSV
added 2017/04/24 7:27 a.m.8 views

MGASA-2017-0115 Updated proftpd packages fix security vulnerability

ProFTPD before 1.3.5e controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks...

5.5CVSS5.4AI score0.00419EPSS
Exploits0References3
Slackware Linux
Slackware Linux
added 2017/04/22 4:42 p.m.41 views

[slackware-security] proftpd

New proftpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/proftpd-1.3.5e-i586-1slack14.2.txz: Upgraded. This release fixes a security issue: AllowChrootSymlink...

5.5CVSS6.1AI score0.00419EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/04/20 12:0 a.m.41 views

Fedora 25 : proftpd (2017-c6f424c3ff)

Current upstream maintenance release for the 1.3.5 series. Includes fix for CVE-2017-7418, where not all path elements were checked for symlinks when using a chroot, so attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component other than the last one...

5.5CVSS6AI score0.00419EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/04/19 12:0 a.m.24 views

Fedora 24 : proftpd (2017-e15e37b689)

Current upstream maintenance release for the 1.3.5 series. Includes fix for CVE-2017-7418, where not all path elements were checked for symlinks when using a chroot, so attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component other than the last one...

5.5CVSS6AI score0.00419EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/04/18 12:0 a.m.67 views

openSUSE Security Update : proftpd (openSUSE-2017-481)

This update for proftpd to version 1.3.5d fixes the following issues : This security issue was fixed : - CVE-2017-7418: ProFTPD checked only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path...

5.5CVSS6AI score0.00419EPSS
Exploits0References2
OSV
OSV
added 2017/04/04 5:59 p.m.2 views

DEBIAN-CVE-2017-7418

ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass th...

5.5CVSS5.4AI score0.00419EPSS
Exploits0References1
CVE
CVE
added 2017/04/04 5:0 p.m.659 views

CVE-2017-7418

ProFTPD vulnerable: versions 1.3.5e and 1.3.6 before 1.3.6rc5 improperly enforce AllowChrootSymlinks by checking only the last path component, allowing local attackers to bypass symlink restrictions when reconfiguring a user’s home directory. The issue is fixed in later releases (notably upstream...

5.5CVSS5.5AI score0.00419EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder