10 matches found
QNAP QTS Multiple ProFTPD Vulnerabilities
QNAP QTS is prone to multiple vulnerabilities in ProFTPD and other components. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
openSUSE Security Update : proftpd (openSUSE-2019-1836)
This update for proftpd fixes the following issues : Security issues fixed : - CVE-2019-12815: Fixed arbitrary file copy in modcopy that allowed for remote code execution and information disclosure without authentication bnc1142281. C Tenable Network Security, Inc. The descriptive text and packag...
Security fix for the ALT Linux 8 package proftpd version 1.3.5-alt4.rel.e
Jan. 2, 2018 Konstantin Lepikhov 1.3.5-alt4.rel.e - 1.3.5e release: + Backported fix for "AllowChrootSymlinks off" checking each component for symlinks CVE-2017-7418. - minor .spec cleanup...
MGASA-2017-0115 Updated proftpd packages fix security vulnerability
ProFTPD before 1.3.5e controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks...
[slackware-security] proftpd
New proftpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/proftpd-1.3.5e-i586-1slack14.2.txz: Upgraded. This release fixes a security issue: AllowChrootSymlink...
Fedora 25 : proftpd (2017-c6f424c3ff)
Current upstream maintenance release for the 1.3.5 series. Includes fix for CVE-2017-7418, where not all path elements were checked for symlinks when using a chroot, so attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component other than the last one...
Fedora 24 : proftpd (2017-e15e37b689)
Current upstream maintenance release for the 1.3.5 series. Includes fix for CVE-2017-7418, where not all path elements were checked for symlinks when using a chroot, so attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component other than the last one...
openSUSE Security Update : proftpd (openSUSE-2017-481)
This update for proftpd to version 1.3.5d fixes the following issues : This security issue was fixed : - CVE-2017-7418: ProFTPD checked only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path...
DEBIAN-CVE-2017-7418
ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass th...
CVE-2017-7418
ProFTPD vulnerable: versions 1.3.5e and 1.3.6 before 1.3.6rc5 improperly enforce AllowChrootSymlinks by checking only the last path component, allowing local attackers to bypass symlink restrictions when reconfiguring a user’s home directory. The issue is fixed in later releases (notably upstream...