9 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-19269
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in tlsverifycrl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL...
Mageia: Security Advisory (MGASA-2019-0385)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
QNAP QTS Multiple ProFTPD Vulnerabilities
QNAP QTS is prone to multiple vulnerabilities in ProFTPD and other components. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
openSUSE: Security Advisory for proftpd (openSUSE-SU-2020:0031-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for proftpd (moderate)
openSUSE Security Update: Security update for proftpd Announcement ID: openSUSE-SU-2020:0031-1 Rating: moderate References: 1113041 1144056 1154600 1155834 1156210 1157798 1157803 Cross-References: CVE-2017-7418 CVE-2019-12815 CVE-2019-18217 CVE-2019-19269 CVE-2019-19270 Affected Products: openSU...
MGASA-2019-0385 Updated proftpd packages fix security vulnerability
An issue was discovered in tlsverifycrl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL skX509REVOKEDvalue function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the...
Debian DLA-2018-1 : proftpd-dfsg security update
In modtls a crash with empty CRL was fixed. For Debian 8 'Jessie', this problem has been fixed in version 1.3.5e+r1.3.5-2+deb8u5. We recommend that you upgrade your proftpd-dfsg packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security...
[SECURITY] [DLA 2018-1] proftpd-dfsg security update
Package : proftpd-dfsg Version : 1.3.5e+r1.3.5-2+deb8u5 CVE ID : CVE-2019-19269 In modtls a crash with empty CRL was fixed. For Debian 8 "Jessie", this problem has been fixed in version 1.3.5e+r1.3.5-2+deb8u5. We recommend that you upgrade your proftpd-dfsg packages. Further information about...
CVE-2019-19269
CVE-2019-19269 — ProFTPD TLS CRL validation NULL-deref . The issue occurs in tls_verify_crl where a NULL pointer may be dereferenced during client certificate validation in a mutual TLS setup, caused by OpenSSL sk_X509_REVOKED_value() returning a NULL for an empty CRL. Affected product is ProFTPD...