Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2017-112-03
HistoryApr 22, 2017 - 4:42 p.m.

[slackware-security] proftpd

2017-04-2216:42:55
Slackware Linux Project
www.slackware.com
22

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

New proftpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:

patches/packages/proftpd-1.3.5e-i586-1_slack14.2.txz: Upgraded.
This release fixes a security issue:
AllowChrootSymlinks off does not check entire DefaultRoot path for symlinks.
For more information, see:
https://vulners.com/cve/CVE-2017-7418
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/proftpd-1.3.5e-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/proftpd-1.3.5e-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/proftpd-1.3.5e-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/proftpd-1.3.5e-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/proftpd-1.3.5e-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/proftpd-1.3.5e-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/proftpd-1.3.5e-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/proftpd-1.3.5e-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/proftpd-1.3.5e-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/proftpd-1.3.5e-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/proftpd-1.3.5e-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/proftpd-1.3.5e-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/proftpd-1.3.6-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/proftpd-1.3.6-x86_64-1.txz

MD5 signatures:

Slackware 13.0 package:
29fac5225474d7067f752356e3da5a19 proftpd-1.3.5e-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
2b2c93e021670a9d03344ddfa28c8f72 proftpd-1.3.5e-x86_64-1_slack13.0.txz

Slackware 13.1 package:
ad63b548c174417ff0783c1206557049 proftpd-1.3.5e-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
8e96161f5a60b7f4b12a4d05fc66b108 proftpd-1.3.5e-x86_64-1_slack13.1.txz

Slackware 13.37 package:
ee0a7aee737cd3b348c75c3a4be4480f proftpd-1.3.5e-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
b02e14a5d3f0fd2ecbac46926b7b7af2 proftpd-1.3.5e-x86_64-1_slack13.37.txz

Slackware 14.0 package:
3f7c345f620b44324dc587357403c062 proftpd-1.3.5e-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
7631ac1d122b0f0cb2e7fad424851e19 proftpd-1.3.5e-x86_64-1_slack14.0.txz

Slackware 14.1 package:
7608c56fe55109efbea7e99f8dcbef52 proftpd-1.3.5e-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
ce1c02de624381d2b9811d78cb54edf8 proftpd-1.3.5e-x86_64-1_slack14.1.txz

Slackware 14.2 package:
457000b30dd692332ec9ab122743f769 proftpd-1.3.5e-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
bbd36fe6b194c63e1d9e6a8393704586 proftpd-1.3.5e-x86_64-1_slack14.2.txz

Slackware -current package:
0399494a18f2ecfbfe81a0e301ed4064 n/proftpd-1.3.6-i586-1.txz

Slackware x86_64 -current package:
bbfafeb1b6ed34f1c610715405923e5f n/proftpd-1.3.6-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg proftpd-1.3.5e-i586-1_slack14.2.txz

Related

osv 1
openvas 8
fedora 3
mageia 1
nessus 9
altlinux 1
prion 1
debiancve 1
freebsd 1
cve 1
ubuntucve 1
suse 3
osv
osv
CVE-2017-7418
2017-04-04 17:59:00
openvas
openvas
Fedora Update for proftpd FEDORA-2017-c6f424c3ff
2017-04-20 00:00:00
Fedora Update for proftpd FEDORA-2017-e15e37b689
2017-04-19 00:00:00
Mageia: Security Advisory (MGASA-2017-0115)
2022-01-28 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: proftpd-1.3.5e-1.fc24
2017-04-18 16:50:45
[SECURITY] Fedora 26 Update: proftpd-1.3.5e-1.fc26
2017-04-14 17:23:56
[SECURITY] Fedora 25 Update: proftpd-1.3.5e-1.fc25
2017-04-19 09:32:01
mageia
mageia
Updated proftpd packages fix security vulnerability
2017-04-24 10:27:32
nessus
nessus
ProFTPD < 1.3.5e / 1.3.6x < 1.3.6rc5 AllowChrootSymlinks bypass
2018-02-12 00:00:00
FreeBSD : proftpd -- user chroot escape vulnerability (770d7e91-72af-11e7-998a-08606e47f965)
2017-07-28 00:00:00
Fedora 24 : proftpd (2017-e15e37b689)
2017-04-19 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package proftpd version 1.3.5-alt4.rel.e
2018-01-02 00:00:00
prion
prion
Design/Logic Flaw
2017-04-04 17:59:00
debiancve
debiancve
CVE-2017-7418
2017-04-04 17:59:00
freebsd
freebsd
proftpd -- user chroot escape vulnerability
2017-03-06 00:00:00
cve
cve
CVE-2017-7418
2017-04-04 17:59:00
ubuntucve
ubuntucve
CVE-2017-7418
2017-04-04 00:00:00
suse
suse
Security update for proftpd (important)
2019-08-08 00:00:00
Security update for proftpd (important)
2019-08-14 00:00:00
Security update for proftpd (moderate)
2020-01-13 00:00:00

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON
Related for SSA-2017-112-03
osv1openvas8fedora3mageia1nessus9altlinux1prion1debiancve1freebsd1cve1ubuntucve1suse3