3 matches found
CVE-2020-5221
In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in composeabspath. This has been fixed in versio...
CVE-2020-5221 Directory Traversal (Chroot Escape) vulnerability in uftpd
In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in composeabspath. This has been fixed in versio...
CVE-2020-5221
Summary: CVE-2020-5221 affects uftpd prior to 2.11, where an unauthenticated user can perform a directory traversal using multiple FTP commands due to an inadequately implemented chroot in compose_abspath(), allowing read/write to arbitrary filesystem locations. The issue is mitigated by upgradin...