ID OPENSUSE-SU-2019:1870-1 Type suse Reporter Suse Modified 2019-08-14T12:11:26
Description
This update for proftpd fixes the following issues:
Security issues fixed:
CVE-2019-12815: Fixed arbitrary file copy in mod_copy that allowed for
remote code execution and information disclosure without authentication
(bnc#1142281).
This update was imported from the openSUSE:Leap:15.0:Update update project.
{"cve": [{"lastseen": "2020-12-09T21:41:41", "description": "An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.", "edition": 16, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-07-19T23:15:00", "title": "CVE-2019-12815", "type": "cve", "cwe": ["CWE-755"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12815"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:proftpd:proftpd:1.3.5b"], "id": "CVE-2019-12815", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12815", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:proftpd:proftpd:1.3.5b:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:13:36", "description": "ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user.", "edition": 8, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-04-04T17:59:00", "title": "CVE-2017-7418", "type": "cve", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7418"], "modified": "2019-08-08T15:15:00", "cpe": ["cpe:/a:proftpd:proftpd:1.3.5", "cpe:/a:proftpd:proftpd:1.3.6"], "id": "CVE-2017-7418", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7418", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:proftpd:proftpd:1.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.3.6:rc4:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.3.5:d:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.3.6:rc3:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.3.6:rc1:*:*:*:*:*:*", "cpe:2.3:a:proftpd:proftpd:1.3.6:rc2:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2020-01-31T16:47:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12815", "CVE-2017-7418"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-08-09T00:00:00", "id": "OPENVAS:1361412562310852646", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852646", "type": "openvas", "title": "openSUSE: Security Advisory for proftpd (openSUSE-SU-2019:1836-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852646\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2017-7418\", \"CVE-2019-12815\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-08-09 02:01:01 +0000 (Fri, 09 Aug 2019)\");\n script_name(\"openSUSE: Security Advisory for proftpd (openSUSE-SU-2019:1836-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1836-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-08/msg00004.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'proftpd'\n package(s) announced via the openSUSE-SU-2019:1836-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for proftpd fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-12815: Fixed arbitrary file copy in mod_copy that allowed for\n remote code execution and information disclosure without authentication\n (bnc#1142281).\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2019-1836=1\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1836=1\n\n - openSUSE Backports SLE-15:\n\n zypper in -t patch openSUSE-2019-1836=1\");\n\n script_tag(name:\"affected\", value:\"'proftpd' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"proftpd\", rpm:\"proftpd~1.3.5e~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"proftpd-debuginfo\", rpm:\"proftpd-debuginfo~1.3.5e~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"proftpd-debugsource\", rpm:\"proftpd-debugsource~1.3.5e~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"proftpd-devel\", rpm:\"proftpd-devel~1.3.5e~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"proftpd-doc\", rpm:\"proftpd-doc~1.3.5e~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"proftpd-ldap\", rpm:\"proftpd-ldap~1.3.5e~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"proftpd-ldap-debuginfo\", rpm:\"proftpd-ldap-debuginfo~1.3.5e~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"proftpd-mysql\", rpm:\"proftpd-mysql~1.3.5e~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"proftpd-mysql-debuginfo\", rpm:\"proftpd-mysql-debuginfo~1.3.5e~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"proftpd-pgsql\", rpm:\"proftpd-pgsql~1.3.5e~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"proftpd-pgsql-debuginfo\", rpm:\"proftpd-pgsql-debuginfo~1.3.5e~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"proftpd-radius\", rpm:\"proftpd-radius~1.3.5e~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"proftpd-radius-debuginfo\", rpm:\"proftpd-radius-debuginfo~1.3.5e~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"proftpd-sqlite\", rpm:\"proftpd-sqlite~1.3.5e~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"proftpd-sqlite-debuginfo\", rpm:\"proftpd-sqlite-debuginfo~1.3.5e~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"proftpd-lang\", rpm:\"proftpd-lang~1.3.5e~lp150.2.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:27:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-18217", "CVE-2019-19269", "CVE-2019-12815", "CVE-2017-7418", "CVE-2019-19270"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2020-01-14T00:00:00", "id": "OPENVAS:1361412562310852985", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852985", "type": "openvas", "title": "openSUSE: Security Advisory for proftpd (openSUSE-SU-2020:0031-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852985\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2017-7418\", \"CVE-2019-12815\", \"CVE-2019-18217\", \"CVE-2019-19269\", \"CVE-2019-19270\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-14 04:01:24 +0000 (Tue, 14 Jan 2020)\");\n script_name(\"openSUSE: Security Advisory for proftpd (openSUSE-SU-2020:0031-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2020:0031-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'proftpd'\n package(s) announced via the openSUSE-SU-2020:0031-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for proftpd fixes the following issues:\n\n * GeoIP has been discontinued by Maxmind (boo#1156210) This update removes\n module build for geoip.\n\n - CVE-2019-19269: Fixed a NULL pointer dereference may occur when\n validating the certificate of a client connecting to the server\n (boo#1157803)\n\n - CVE-2019-19270: Fixed a Failure to check for the appropriate field of a\n CRL entry prevents some valid CRLs from being taken into account\n (boo#1157798)\n\n - CVE-2019-18217: Fixed remote unauthenticated denial-of-service due to\n incorrect handling of overly long commands (boo#1154600 gh#846)\n\n Update to 1.3.6b\n\n * Fixed pre-authentication remote denial-of-service issue (Issue #846).\n\n * Backported fix for building mod_sql_mysql using MySQL 8 (Issue #824).\n\n Update to 1.3.6a:\n\n * Fixed symlink navigation (Bug#4332).\n\n * Fixed building of mod_sftp using OpenSSL 1.1.x releases (Issue#674).\n\n * Fixed SITE COPY honoring of <Limit> restrictions (Bug#4372).\n\n * Fixed segfault on login when using mod_sftp + mod_sftp_pam (Issue#656).\n\n * Fixed restarts when using mod_facl as a static module\n\n * Add missing Requires(pre): group(ftp) for Leap 15 and Tumbleweed\n (boo#1155834)\n\n * Add missing Requires(pre): user(ftp) for Leap 15 and Tumbleweed\n (boo#1155834)\n\n * Use pam_keyinit.so (boo#1144056)\n\n - Reduce hard dependency on systemd to only that which is necessary for\n building and installation.\n\n update to 1.3.6:\n\n * Support for using Redis for caching, logging, see the\n doc/howto/Redis.html documentation.\n\n * Fixed mod_sql_postgres SSL support (Issue #415).\n\n * Support building against LibreSSL instead of OpenSSL (Issue #361).\n\n * Better support on AIX for login restraictions (Bug #4285).\n\n * TimeoutLogin (and other timeouts) were not working properly for SFTP\n connections (Bug#4299).\n\n * Handling of the SIGILL and SIGINT signals, by the daemon process, now\n causes the child processes to be terminated as well (Issue #461).\n\n * RPM .spec file naming changed to conform to Fedora guidelines.\n\n * Fix for 'AllowChrootSymlinks off' checking each component for symlinks\n (CVE-2017-7418).\n\n New Modules:\n\n * mod_redis, mod_tls_redis, mod_wrap2_redis With Redis now supported as a\n caching mechanism, similar to Memcache, there are now Redis-using\n modules: mod_redis (for configuring the Redis connection information),\n mod_tls_redis (for caching SSL sessions and OCSP information using\n Redis), and mod_wrap2_redis ..\n\nDescription truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'proftpd' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"proftpd\", rpm:\"proftpd~1.3.6b~lp151.3.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"proftpd-debuginfo\", rpm:\"proftpd-debuginfo~1.3.6b~lp151.3.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"proftpd-debugsource\", rpm:\"proftpd-debugsource~1.3.6b~lp151.3.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"proftpd-devel\", rpm:\"proftpd-devel~1.3.6b~lp151.3.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"proftpd-doc\", rpm:\"proftpd-doc~1.3.6b~lp151.3.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"proftpd-ldap\", rpm:\"proftpd-ldap~1.3.6b~lp151.3.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"proftpd-ldap-debuginfo\", rpm:\"proftpd-ldap-debuginfo~1.3.6b~lp151.3.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"proftpd-mysql\", rpm:\"proftpd-mysql~1.3.6b~lp151.3.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"proftpd-mysql-debuginfo\", rpm:\"proftpd-mysql-debuginfo~1.3.6b~lp151.3.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"proftpd-pgsql\", rpm:\"proftpd-pgsql~1.3.6b~lp151.3.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"proftpd-pgsql-debuginfo\", rpm:\"proftpd-pgsql-debuginfo~1.3.6b~lp151.3.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"proftpd-radius\", rpm:\"proftpd-radius~1.3.6b~lp151.3.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"proftpd-radius-debuginfo\", rpm:\"proftpd-radius-debuginfo~1.3.6b~lp151.3.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"proftpd-sqlite\", rpm:\"proftpd-sqlite~1.3.6b~lp151.3.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"proftpd-sqlite-debuginfo\", rpm:\"proftpd-sqlite-debuginfo~1.3.6b~lp151.3.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"proftpd-lang\", rpm:\"proftpd-lang~1.3.6b~lp151.3.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-15T14:37:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12815"], "description": "The remote host is missing an update for the\n ", "modified": "2019-08-14T00:00:00", "published": "2019-08-03T00:00:00", "id": "OPENVAS:1361412562310876628", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876628", "type": "openvas", "title": "Fedora Update for proftpd FEDORA-2019-82b0f48691", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876628\");\n script_version(\"2019-08-14T07:16:43+0000\");\n script_cve_id(\"CVE-2019-12815\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-08-14 07:16:43 +0000 (Wed, 14 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-08-03 02:23:19 +0000 (Sat, 03 Aug 2019)\");\n script_name(\"Fedora Update for proftpd FEDORA-2019-82b0f48691\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-82b0f48691\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XM5FPBAGSIKV6YJZEPM6GPGJO5JFT7XU\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'proftpd' package(s) announced via the FEDORA-2019-82b0f48691 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"ProFTPD is an enhanced FTP server with a\n focus toward simplicity, security, and ease of configuration. It features a\n very Apache-like configuration syntax, and a highly customizable server\n infrastructure, including support for multiple ', virtual', FTP servers,\n anonymous FTP, and permission-based directory visibility.\n\nThis package defaults to the standalone behavior of ProFTPD, but all the\nneeded scripts to have it run by systemd instead are included.\");\n\n script_tag(name:\"affected\", value:\"'proftpd' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"proftpd\", rpm:\"proftpd~1.3.6~21.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T19:25:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12815"], "description": "The remote host is missing an update for the ", "modified": "2020-01-29T00:00:00", "published": "2019-08-08T00:00:00", "id": "OPENVAS:1361412562310891873", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891873", "type": "openvas", "title": "Debian LTS: Security Advisory for proftpd-dfsg (DLA-1873-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891873\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2019-12815\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-08-08 02:00:06 +0000 (Thu, 08 Aug 2019)\");\n script_name(\"Debian LTS: Security Advisory for proftpd-dfsg (DLA-1873-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/08/msg00006.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1873-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/932453\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'proftpd-dfsg'\n package(s) announced via the DLA-1873-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Tobias Maedel discovered that the mod_copy module of ProFTPD, a\nFTP/SFTP/FTPS server, performed incomplete permission validation for the\nCPFR/CPTO commands.\");\n\n script_tag(name:\"affected\", value:\"'proftpd-dfsg' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', this problem has been fixed in version\n1.3.5e+r1.3.5-2+deb8u3.\n\nWe recommend that you upgrade your proftpd-dfsg packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"proftpd-basic\", ver:\"1.3.5e+r1.3.5-2+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"proftpd-dev\", ver:\"1.3.5e+r1.3.5-2+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"proftpd-doc\", ver:\"1.3.5e+r1.3.5-2+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"proftpd-mod-geoip\", ver:\"1.3.5e+r1.3.5-2+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"proftpd-mod-ldap\", ver:\"1.3.5e+r1.3.5-2+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"proftpd-mod-mysql\", ver:\"1.3.5e+r1.3.5-2+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"proftpd-mod-odbc\", ver:\"1.3.5e+r1.3.5-2+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"proftpd-mod-pgsql\", ver:\"1.3.5e+r1.3.5-2+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"proftpd-mod-sqlite\", ver:\"1.3.5e+r1.3.5-2+deb8u3\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-06T12:45:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12815"], "description": "The remote host is missing an update for the ", "modified": "2019-08-06T00:00:00", "published": "2019-08-06T00:00:00", "id": "OPENVAS:1361412562310704491", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704491", "type": "openvas", "title": "Debian Security Advisory DSA 4491-1 (proftpd-dfsg - security update)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704491\");\n script_version(\"2019-08-06T02:00:09+0000\");\n script_cve_id(\"CVE-2019-12815\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-08-06 02:00:09 +0000 (Tue, 06 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-08-06 02:00:09 +0000 (Tue, 06 Aug 2019)\");\n script_name(\"Debian Security Advisory DSA 4491-1 (proftpd-dfsg - security update)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(9|10)\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2019/dsa-4491.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4491-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'proftpd-dfsg'\n package(s) announced via the DSA-4491-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Tobias Maedel discovered that the mod_copy module of ProFTPD, a\nFTP/SFTP/FTPS server, performed incomplete permission validation for\nthe CPFR/CPTO commands.\");\n\n script_tag(name:\"affected\", value:\"'proftpd-dfsg' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the oldstable distribution (stretch), this problem has been fixed\nin version 1.3.5b-4+deb9u1.\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 1.3.6-4+deb10u1.\n\nWe recommend that you upgrade your proftpd-dfsg packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"proftpd-basic\", ver:\"1.3.5b-4+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"proftpd-dev\", ver:\"1.3.5b-4+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"proftpd-doc\", ver:\"1.3.5b-4+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"proftpd-mod-geoip\", ver:\"1.3.5b-4+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"proftpd-mod-ldap\", ver:\"1.3.5b-4+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"proftpd-mod-mysql\", ver:\"1.3.5b-4+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"proftpd-mod-odbc\", ver:\"1.3.5b-4+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"proftpd-mod-pgsql\", ver:\"1.3.5b-4+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"proftpd-mod-sqlite\", ver:\"1.3.5b-4+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"proftpd-basic\", ver:\"1.3.6-4+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"proftpd-dev\", ver:\"1.3.6-4+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"proftpd-doc\", ver:\"1.3.6-4+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"proftpd-mod-geoip\", ver:\"1.3.6-4+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"proftpd-mod-ldap\", ver:\"1.3.6-4+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"proftpd-mod-mysql\", ver:\"1.3.6-4+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"proftpd-mod-odbc\", ver:\"1.3.6-4+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"proftpd-mod-pgsql\", ver:\"1.3.6-4+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"proftpd-mod-snmp\", ver:\"1.3.6-4+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"proftpd-mod-sqlite\", ver:\"1.3.6-4+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-15T14:38:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12815"], "description": "The remote host is missing an update for the\n ", "modified": "2019-08-14T00:00:00", "published": "2019-08-03T00:00:00", "id": "OPENVAS:1361412562310876627", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876627", "type": "openvas", "title": "Fedora Update for proftpd FEDORA-2019-e9187610c3", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876627\");\n script_version(\"2019-08-14T07:16:43+0000\");\n script_cve_id(\"CVE-2019-12815\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-08-14 07:16:43 +0000 (Wed, 14 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-08-03 02:23:18 +0000 (Sat, 03 Aug 2019)\");\n script_name(\"Fedora Update for proftpd FEDORA-2019-e9187610c3\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-e9187610c3\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OJDQ3XUYWO42TJBO53NUWDZRA35QMVEI\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'proftpd' package(s) announced via the FEDORA-2019-e9187610c3 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"ProFTPD is an enhanced FTP server with a\n focus toward simplicity, security, and ease of configuration. It features a\n very Apache-like configuration syntax, and a highly customizable server\n infrastructure, including support for multiple ', virtual', FTP servers,\n anonymous FTP, and permission-based directory visibility.\n\nThis package defaults to the standalone behavior of ProFTPD, but all the\nneeded scripts to have it run by systemd instead are included.\");\n\n script_tag(name:\"affected\", value:\"'proftpd' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"proftpd\", rpm:\"proftpd~1.3.6~21.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7418"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-04-20T00:00:00", "id": "OPENVAS:1361412562310872588", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872588", "type": "openvas", "title": "Fedora Update for proftpd FEDORA-2017-c6f424c3ff", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for proftpd FEDORA-2017-c6f424c3ff\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872588\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-20 06:41:01 +0200 (Thu, 20 Apr 2017)\");\n script_cve_id(\"CVE-2017-7418\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for proftpd FEDORA-2017-c6f424c3ff\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'proftpd'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"proftpd on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-c6f424c3ff\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YIVDIXFOXHZLWFE4S6EX3AD2VHAC4DQN\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"proftpd\", rpm:\"proftpd~1.3.5e~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:33:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7418"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-04-19T00:00:00", "id": "OPENVAS:1361412562310872585", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872585", "type": "openvas", "title": "Fedora Update for proftpd FEDORA-2017-e15e37b689", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for proftpd FEDORA-2017-e15e37b689\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872585\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-19 06:37:38 +0200 (Wed, 19 Apr 2017)\");\n script_cve_id(\"CVE-2017-7418\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for proftpd FEDORA-2017-e15e37b689\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'proftpd'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"proftpd on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-e15e37b689\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQFVJ4TWAHEMGUTBVFOVS5YCQ2OS6QSN\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"proftpd\", rpm:\"proftpd~1.3.5e~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-03-05T18:36:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7418"], "description": "This host is running ProFTPD server and\n is prone to local security bypass vulnerability.", "modified": "2020-03-04T00:00:00", "published": "2017-04-06T00:00:00", "id": "OPENVAS:1361412562310810731", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810731", "type": "openvas", "title": "ProFTPD 'AllowChrootSymlinks' Local Security Bypass Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ProFTPD 'AllowChrootSymlinks' Local Security Bypass Vulnerability\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:proftpd:proftpd\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810731\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2017-7418\");\n script_bugtraq_id(97409);\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-04-06 14:55:50 +0530 (Thu, 06 Apr 2017)\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"ProFTPD 'AllowChrootSymlinks' Local Security Bypass Vulnerability\");\n\n script_tag(name:\"summary\", value:\"This host is running ProFTPD server and\n is prone to local security bypass vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The ProFTPD controls whether the home\n directory of a user could contain a symbolic link through the\n AllowChrootSymlinks configuration option, but checks only the last path\n component when enforcing AllowChrootSymlinks.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to bypass certain security restrictions and perform\n unauthorized actions.\");\n\n script_tag(name:\"affected\", value:\"ProFTPD versions prior to 1.3.5e and\n 1.3.6 prior to 1.3.6rc5 are vulnerable.\");\n\n script_tag(name:\"solution\", value:\"Upgrade ProFTPD 1.3.5e, 1.3.6rc5 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://bugs.proftpd.org/show_bug.cgi?id=4295\");\n script_xref(name:\"URL\", value:\"https://github.com/proftpd/proftpd/commit/ecff21e0d0e84f35c299ef91d7fda088e516d4ed\");\n script_xref(name:\"URL\", value:\"https://github.com/proftpd/proftpd/commit/f59593e6ff730b832dbe8754916cb5c821db579f\");\n script_xref(name:\"URL\", value:\"https://github.com/proftpd/proftpd/pull/444/commits/349addc3be4fcdad9bd4ec01ad1ccd916c898ed8\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"FTP\");\n script_dependencies(\"secpod_proftpd_server_detect.nasl\");\n script_require_ports(\"Services/ftp\", 21);\n script_mandatory_keys(\"ProFTPD/Installed\");\n script_xref(name:\"URL\", value:\"http://www.proftpd.org\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) ) exit( 0 );\n\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version_is_less( version:vers, test_version:\"1.3.5e\" ) ||\n version_in_range(version:vers, test_version:\"1.3.6\", test_version2:\"1.3.6.rc4\"))\n{\n report = report_fixed_ver( installed_version:vers, fixed_version:\"1.3.5e/1.3.6rc5\" );\n security_message( port:port, data:report );\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-11-06T12:10:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-18217", "CVE-2019-12815"], "description": "The remote host is missing an update for the ", "modified": "2019-10-30T00:00:00", "published": "2019-10-30T00:00:00", "id": "OPENVAS:1361412562310876950", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876950", "type": "openvas", "title": "Fedora Update for proftpd FEDORA-2019-7559f29ace", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876950\");\n script_version(\"2019-10-30T10:03:24+0000\");\n script_cve_id(\"CVE-2019-12815\", \"CVE-2019-18217\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-10-30 10:03:24 +0000 (Wed, 30 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-10-30 03:35:32 +0000 (Wed, 30 Oct 2019)\");\n script_name(\"Fedora Update for proftpd FEDORA-2019-7559f29ace\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-7559f29ace\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RB2FPAWDWXT5ALAFIC5Y3RSEMXSFL6H2\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'proftpd'\n package(s) announced via the FEDORA-2019-7559f29ace advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"ProFTPD is an enhanced FTP server with a focus toward simplicity, security,\nand ease of configuration. It features a very Apache-like configuration\nsyntax, and a highly customizable server infrastructure, including support for\nmultiple ', virtual', FTP servers, anonymous FTP, and permission-based directory\nvisibility.\n\nThis package defaults to the standalone behavior of ProFTPD, but all the\nneeded scripts to have it run by systemd instead are included.\");\n\n script_tag(name:\"affected\", value:\"'proftpd' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"proftpd\", rpm:\"proftpd~1.3.6b~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2020-09-24T09:08:17", "description": "This update for proftpd fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-12815: Fixed arbitrary file copy in mod_copy\n that allowed for remote code execution and information\n disclosure without authentication (bnc#1142281).", "edition": 14, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-12T00:00:00", "title": "openSUSE Security Update : proftpd (openSUSE-2019-1836)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12815", "CVE-2017-7418"], "modified": "2019-08-12T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:proftpd-devel", "p-cpe:/a:novell:opensuse:proftpd-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:proftpd-radius", "p-cpe:/a:novell:opensuse:proftpd-pgsql", "cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:proftpd-ldap-debuginfo", "p-cpe:/a:novell:opensuse:proftpd-pgsql-debuginfo", "p-cpe:/a:novell:opensuse:proftpd-sqlite", "p-cpe:/a:novell:opensuse:proftpd-debugsource", "p-cpe:/a:novell:opensuse:proftpd-mysql", "p-cpe:/a:novell:opensuse:proftpd-debuginfo", "p-cpe:/a:novell:opensuse:proftpd-mysql-debuginfo", "p-cpe:/a:novell:opensuse:proftpd", "p-cpe:/a:novell:opensuse:proftpd-lang", "p-cpe:/a:novell:opensuse:proftpd-ldap", "p-cpe:/a:novell:opensuse:proftpd-radius-debuginfo"], "id": "OPENSUSE-2019-1836.NASL", "href": "https://www.tenable.com/plugins/nessus/127741", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1836.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127741);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/23\");\n\n script_cve_id(\"CVE-2017-7418\", \"CVE-2019-12815\");\n\n script_name(english:\"openSUSE Security Update : proftpd (openSUSE-2019-1836)\");\n script_summary(english:\"Check for the openSUSE-2019-1836 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for proftpd fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-12815: Fixed arbitrary file copy in mod_copy\n that allowed for remote code execution and information\n disclosure without authentication (bnc#1142281).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1142281\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected proftpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-radius\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-radius-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"proftpd-1.3.5e-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"proftpd-debuginfo-1.3.5e-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"proftpd-debugsource-1.3.5e-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"proftpd-devel-1.3.5e-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"proftpd-lang-1.3.5e-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"proftpd-ldap-1.3.5e-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"proftpd-ldap-debuginfo-1.3.5e-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"proftpd-mysql-1.3.5e-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"proftpd-mysql-debuginfo-1.3.5e-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"proftpd-pgsql-1.3.5e-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"proftpd-pgsql-debuginfo-1.3.5e-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"proftpd-radius-1.3.5e-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"proftpd-radius-debuginfo-1.3.5e-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"proftpd-sqlite-1.3.5e-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"proftpd-sqlite-debuginfo-1.3.5e-lp151.3.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"proftpd / proftpd-debuginfo / proftpd-debugsource / proftpd-devel / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T04:30:13", "description": "This update for proftpd fixes the following issues :\n\n - GeoIP has been discontinued by Maxmind (boo#1156210)\n This update removes module build for geoip see\n https://support.maxmind.com/geolite-legacy-discontinuati\n on-notice/\n\n - CVE-2019-19269: Fixed a NULL pointer dereference may\n occur when validating the certificate of a client\n connecting to the server (boo#1157803)\n\n - CVE-2019-19270: Fixed a Failure to check for the\n appropriate field of a CRL entry prevents some valid\n CRLs from being taken into account (boo#1157798)\n\n - CVE-2019-18217: Fixed remote unauthenticated\n denial-of-service due to incorrect handling of overly\n long commands (boo#1154600 gh#846)\n\nUpdate to 1.3.6b\n\n - Fixed pre-authentication remote denial-of-service issue\n (Issue #846).\n\n - Backported fix for building mod_sql_mysql using MySQL 8\n (Issue #824).\n\nUpdate to 1.3.6a :\n\n - Fixed symlink navigation (Bug#4332).\n\n - Fixed building of mod_sftp using OpenSSL 1.1.x releases\n (Issue#674).\n\n - Fixed SITE COPY honoring of <Limit> restrictions\n (Bug#4372).\n\n - Fixed segfault on login when using mod_sftp +\n mod_sftp_pam (Issue#656).\n\n - Fixed restarts when using mod_facl as a static module\n\n - Add missing Requires(pre): group(ftp) for Leap 15 and\n Tumbleweed (boo#1155834)\n\n - Add missing Requires(pre): user(ftp) for Leap 15 and\n Tumbleweed (boo#1155834)\n\n - Use pam_keyinit.so (boo#1144056)\n\n - Reduce hard dependency on systemd to only that which is\n necessary for building and installation.\n\nupdate to 1.3.6 :\n\n - Support for using Redis for caching, logging; see the\n doc/howto/Redis.html documentation.\n\n - Fixed mod_sql_postgres SSL support (Issue #415).\n\n - Support building against LibreSSL instead of OpenSSL\n (Issue #361).\n\n - Better support on AIX for login restraictions (Bug\n #4285).\n\n - TimeoutLogin (and other timeouts) were not working\n properly for SFTP connections (Bug#4299).\n\n - Handling of the SIGILL and SIGINT signals, by the daemon\n process, now causes the child processes to be terminated\n as well (Issue #461).\n\n - RPM .spec file naming changed to conform to Fedora\n guidelines.\n\n - Fix for 'AllowChrootSymlinks off' checking each\n component for symlinks (CVE-2017-7418).\n\nNew Modules :\n\n - mod_redis, mod_tls_redis, mod_wrap2_redis With Redis now\n supported as a caching mechanism, similar to Memcache,\n there are now Redis-using modules: mod_redis (for\n configuring the Redis connection information),\n mod_tls_redis (for caching SSL sessions and OCSP\n information using Redis), and mod_wrap2_redis (for using\n ACLs stored in Redis).\n\nChanged Modules :\n\n - mod_ban: The mod_ban module's BanCache directive can now\n use Redis-based caching; see\n doc/contrib/mod_ban.html#BanCache.\n\n-New Configuration Directives\n\n - SQLPasswordArgon2, SQLPasswordScrypt\n\n The key lengths for Argon2 and Scrypt-based passwords\n are now configurable via these new directives;\n previously, the key length had been hardcoded to be 32\n bytes, which is not interoperable with all other\n implementations (Issue #454).\n\nChanged Configuration Directives\n\n - AllowChrootSymlinks When 'AllowChrootSymlinks off' was\n used, only the last portion of the DefaultRoot path\n would be checked to see if it was a symlink. Now, each\n component of the DefaultRoot path will be checked to see\n if it is a symlink when 'AllowChrootSymlinks off' is\n used.\n\n - Include The Include directive can now be used within a\n <Limit> section, e.g.: <Limit LOGIN> Include\n /path/to/allowed.txt DenyAll </Limit> API Changes\n\n - A new JSON API has been added, for use by third-party\n modules.", "edition": 15, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-15T00:00:00", "title": "openSUSE Security Update : proftpd (openSUSE-2020-31)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-18217", "CVE-2019-19269", "CVE-2019-12815", "CVE-2017-7418", "CVE-2019-19270"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:proftpd-devel", "p-cpe:/a:novell:opensuse:proftpd-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:proftpd-radius", "p-cpe:/a:novell:opensuse:proftpd-pgsql", "cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:proftpd-ldap-debuginfo", "p-cpe:/a:novell:opensuse:proftpd-pgsql-debuginfo", "p-cpe:/a:novell:opensuse:proftpd-sqlite", "p-cpe:/a:novell:opensuse:proftpd-debugsource", "p-cpe:/a:novell:opensuse:proftpd-mysql", "p-cpe:/a:novell:opensuse:proftpd-debuginfo", "p-cpe:/a:novell:opensuse:proftpd-mysql-debuginfo", "p-cpe:/a:novell:opensuse:proftpd", "p-cpe:/a:novell:opensuse:proftpd-lang", "p-cpe:/a:novell:opensuse:proftpd-ldap", "p-cpe:/a:novell:opensuse:proftpd-radius-debuginfo"], "id": "OPENSUSE-2020-31.NASL", "href": "https://www.tenable.com/plugins/nessus/132911", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-31.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132911);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/17\");\n\n script_cve_id(\"CVE-2017-7418\", \"CVE-2019-12815\", \"CVE-2019-18217\", \"CVE-2019-19269\", \"CVE-2019-19270\");\n\n script_name(english:\"openSUSE Security Update : proftpd (openSUSE-2020-31)\");\n script_summary(english:\"Check for the openSUSE-2020-31 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for proftpd fixes the following issues :\n\n - GeoIP has been discontinued by Maxmind (boo#1156210)\n This update removes module build for geoip see\n https://support.maxmind.com/geolite-legacy-discontinuati\n on-notice/\n\n - CVE-2019-19269: Fixed a NULL pointer dereference may\n occur when validating the certificate of a client\n connecting to the server (boo#1157803)\n\n - CVE-2019-19270: Fixed a Failure to check for the\n appropriate field of a CRL entry prevents some valid\n CRLs from being taken into account (boo#1157798)\n\n - CVE-2019-18217: Fixed remote unauthenticated\n denial-of-service due to incorrect handling of overly\n long commands (boo#1154600 gh#846)\n\nUpdate to 1.3.6b\n\n - Fixed pre-authentication remote denial-of-service issue\n (Issue #846).\n\n - Backported fix for building mod_sql_mysql using MySQL 8\n (Issue #824).\n\nUpdate to 1.3.6a :\n\n - Fixed symlink navigation (Bug#4332).\n\n - Fixed building of mod_sftp using OpenSSL 1.1.x releases\n (Issue#674).\n\n - Fixed SITE COPY honoring of <Limit> restrictions\n (Bug#4372).\n\n - Fixed segfault on login when using mod_sftp +\n mod_sftp_pam (Issue#656).\n\n - Fixed restarts when using mod_facl as a static module\n\n - Add missing Requires(pre): group(ftp) for Leap 15 and\n Tumbleweed (boo#1155834)\n\n - Add missing Requires(pre): user(ftp) for Leap 15 and\n Tumbleweed (boo#1155834)\n\n - Use pam_keyinit.so (boo#1144056)\n\n - Reduce hard dependency on systemd to only that which is\n necessary for building and installation.\n\nupdate to 1.3.6 :\n\n - Support for using Redis for caching, logging; see the\n doc/howto/Redis.html documentation.\n\n - Fixed mod_sql_postgres SSL support (Issue #415).\n\n - Support building against LibreSSL instead of OpenSSL\n (Issue #361).\n\n - Better support on AIX for login restraictions (Bug\n #4285).\n\n - TimeoutLogin (and other timeouts) were not working\n properly for SFTP connections (Bug#4299).\n\n - Handling of the SIGILL and SIGINT signals, by the daemon\n process, now causes the child processes to be terminated\n as well (Issue #461).\n\n - RPM .spec file naming changed to conform to Fedora\n guidelines.\n\n - Fix for 'AllowChrootSymlinks off' checking each\n component for symlinks (CVE-2017-7418).\n\nNew Modules :\n\n - mod_redis, mod_tls_redis, mod_wrap2_redis With Redis now\n supported as a caching mechanism, similar to Memcache,\n there are now Redis-using modules: mod_redis (for\n configuring the Redis connection information),\n mod_tls_redis (for caching SSL sessions and OCSP\n information using Redis), and mod_wrap2_redis (for using\n ACLs stored in Redis).\n\nChanged Modules :\n\n - mod_ban: The mod_ban module's BanCache directive can now\n use Redis-based caching; see\n doc/contrib/mod_ban.html#BanCache.\n\n-New Configuration Directives\n\n - SQLPasswordArgon2, SQLPasswordScrypt\n\n The key lengths for Argon2 and Scrypt-based passwords\n are now configurable via these new directives;\n previously, the key length had been hardcoded to be 32\n bytes, which is not interoperable with all other\n implementations (Issue #454).\n\nChanged Configuration Directives\n\n - AllowChrootSymlinks When 'AllowChrootSymlinks off' was\n used, only the last portion of the DefaultRoot path\n would be checked to see if it was a symlink. Now, each\n component of the DefaultRoot path will be checked to see\n if it is a symlink when 'AllowChrootSymlinks off' is\n used.\n\n - Include The Include directive can now be used within a\n <Limit> section, e.g.: <Limit LOGIN> Include\n /path/to/allowed.txt DenyAll </Limit> API Changes\n\n - A new JSON API has been added, for use by third-party\n modules.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1144056\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1155834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1156210\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1157798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1157803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.maxmind.com/geolite-legacy-discontinuation-notice/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected proftpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-pgsql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-radius\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-radius-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:proftpd-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"proftpd-1.3.6b-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"proftpd-debuginfo-1.3.6b-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"proftpd-debugsource-1.3.6b-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"proftpd-devel-1.3.6b-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"proftpd-lang-1.3.6b-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"proftpd-ldap-1.3.6b-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"proftpd-ldap-debuginfo-1.3.6b-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"proftpd-mysql-1.3.6b-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"proftpd-mysql-debuginfo-1.3.6b-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"proftpd-pgsql-1.3.6b-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"proftpd-pgsql-debuginfo-1.3.6b-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"proftpd-radius-1.3.6b-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"proftpd-radius-debuginfo-1.3.6b-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"proftpd-sqlite-1.3.6b-lp151.3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"proftpd-sqlite-debuginfo-1.3.6b-lp151.3.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"proftpd / proftpd-debuginfo / proftpd-debugsource / proftpd-devel / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T02:24:24", "description": "This update addresses an arbitrary file copy vulnerability in mod_copy\nin ProFTPD, which allowed for remote code execution and information\ndisclosure without authentication due to not honoring `<Limit>`\nconstraints.\n\nUpstream bug: http://bugs.proftpd.org/show_bug.cgi?id=4372\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-12T00:00:00", "title": "Fedora 29 : proftpd (2019-82b0f48691)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12815"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:proftpd", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2019-82B0F48691.NASL", "href": "https://www.tenable.com/plugins/nessus/127519", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-82b0f48691.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127519);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/06\");\n\n script_cve_id(\"CVE-2019-12815\");\n script_xref(name:\"FEDORA\", value:\"2019-82b0f48691\");\n\n script_name(english:\"Fedora 29 : proftpd (2019-82b0f48691)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses an arbitrary file copy vulnerability in mod_copy\nin ProFTPD, which allowed for remote code execution and information\ndisclosure without authentication due to not honoring `<Limit>`\nconstraints.\n\nUpstream bug: http://bugs.proftpd.org/show_bug.cgi?id=4372\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.proftpd.org/show_bug.cgi?id=4372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-82b0f48691\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected proftpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:proftpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"proftpd-1.3.6-21.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"proftpd\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:51:21", "description": "Tobias Maedel discovered that the mod_copy module of ProFTPD, a\nFTP/SFTP/FTPS server, performed incomplete permission validation for\nthe CPFR/CPTO commands.", "edition": 17, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-12T00:00:00", "title": "Debian DSA-4491-1 : proftpd-dfsg - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12815"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:proftpd-dfsg", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4491.NASL", "href": "https://www.tenable.com/plugins/nessus/127487", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4491. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127487);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/06\");\n\n script_cve_id(\"CVE-2019-12815\");\n script_xref(name:\"DSA\", value:\"4491\");\n\n script_name(english:\"Debian DSA-4491-1 : proftpd-dfsg - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tobias Maedel discovered that the mod_copy module of ProFTPD, a\nFTP/SFTP/FTPS server, performed incomplete permission validation for\nthe CPFR/CPTO commands.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932453\"\n );\n # https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a98522a3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/proftpd-dfsg\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/proftpd-dfsg\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4491\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the proftpd-dfsg packages.\n\nFor the oldstable distribution (stretch), this problem has been fixed\nin version 1.3.5b-4+deb9u1.\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 1.3.6-4+deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:proftpd-dfsg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"proftpd-basic\", reference:\"1.3.6-4+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"proftpd-dev\", reference:\"1.3.6-4+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"proftpd-doc\", reference:\"1.3.6-4+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"proftpd-mod-geoip\", reference:\"1.3.6-4+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"proftpd-mod-ldap\", reference:\"1.3.6-4+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"proftpd-mod-mysql\", reference:\"1.3.6-4+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"proftpd-mod-odbc\", reference:\"1.3.6-4+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"proftpd-mod-pgsql\", reference:\"1.3.6-4+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"proftpd-mod-snmp\", reference:\"1.3.6-4+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"proftpd-mod-sqlite\", reference:\"1.3.6-4+deb10u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"proftpd-basic\", reference:\"1.3.5b-4+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"proftpd-dev\", reference:\"1.3.5b-4+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"proftpd-doc\", reference:\"1.3.5b-4+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"proftpd-mod-geoip\", reference:\"1.3.5b-4+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"proftpd-mod-ldap\", reference:\"1.3.5b-4+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"proftpd-mod-mysql\", reference:\"1.3.5b-4+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"proftpd-mod-odbc\", reference:\"1.3.5b-4+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"proftpd-mod-pgsql\", reference:\"1.3.5b-4+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"proftpd-mod-sqlite\", reference:\"1.3.5b-4+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:41:10", "description": "Tobias Maedel discovered that the mod_copy module of ProFTPD, a\nFTP/SFTP/FTPS server, performed incomplete permission validation for\nthe CPFR/CPTO commands.\n\nFor Debian 8 'Jessie', this problem has been fixed in version\n1.3.5e+r1.3.5-2+deb8u3.\n\nWe recommend that you upgrade your proftpd-dfsg packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 16, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-12T00:00:00", "title": "Debian DLA-1873-1 : proftpd-dfsg security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12815"], "modified": "2019-08-12T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:proftpd-mod-sqlite", "p-cpe:/a:debian:debian_linux:proftpd-mod-ldap", "cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:proftpd-mod-odbc", "p-cpe:/a:debian:debian_linux:proftpd-mod-mysql", "p-cpe:/a:debian:debian_linux:proftpd-doc", "p-cpe:/a:debian:debian_linux:proftpd-mod-pgsql", "p-cpe:/a:debian:debian_linux:proftpd-dev", "p-cpe:/a:debian:debian_linux:proftpd-mod-geoip", "p-cpe:/a:debian:debian_linux:proftpd-basic"], "id": "DEBIAN_DLA-1873.NASL", "href": "https://www.tenable.com/plugins/nessus/127482", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1873-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127482);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2019-12815\");\n\n script_name(english:\"Debian DLA-1873-1 : proftpd-dfsg security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tobias Maedel discovered that the mod_copy module of ProFTPD, a\nFTP/SFTP/FTPS server, performed incomplete permission validation for\nthe CPFR/CPTO commands.\n\nFor Debian 8 'Jessie', this problem has been fixed in version\n1.3.5e+r1.3.5-2+deb8u3.\n\nWe recommend that you upgrade your proftpd-dfsg packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/08/msg00006.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/proftpd-dfsg\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:proftpd-basic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:proftpd-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:proftpd-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:proftpd-mod-geoip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:proftpd-mod-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:proftpd-mod-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:proftpd-mod-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:proftpd-mod-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:proftpd-mod-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"proftpd-basic\", reference:\"1.3.5e+r1.3.5-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"proftpd-dev\", reference:\"1.3.5e+r1.3.5-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"proftpd-doc\", reference:\"1.3.5e+r1.3.5-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"proftpd-mod-geoip\", reference:\"1.3.5e+r1.3.5-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"proftpd-mod-ldap\", reference:\"1.3.5e+r1.3.5-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"proftpd-mod-mysql\", reference:\"1.3.5e+r1.3.5-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"proftpd-mod-odbc\", reference:\"1.3.5e+r1.3.5-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"proftpd-mod-pgsql\", reference:\"1.3.5e+r1.3.5-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"proftpd-mod-sqlite\", reference:\"1.3.5e+r1.3.5-2+deb8u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T02:28:01", "description": "This update addresses an arbitrary file copy vulnerability in mod_copy\nin ProFTPD, which allowed for remote code execution and information\ndisclosure without authentication due to not honoring `<Limit>`\nconstraints.\n\nUpstream bug: http://bugs.proftpd.org/show_bug.cgi?id=4372\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-12T00:00:00", "title": "Fedora 30 : proftpd (2019-e9187610c3)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12815"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:proftpd", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2019-E9187610C3.NASL", "href": "https://www.tenable.com/plugins/nessus/127534", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-e9187610c3.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127534);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/06\");\n\n script_cve_id(\"CVE-2019-12815\");\n script_xref(name:\"FEDORA\", value:\"2019-e9187610c3\");\n\n script_name(english:\"Fedora 30 : proftpd (2019-e9187610c3)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses an arbitrary file copy vulnerability in mod_copy\nin ProFTPD, which allowed for remote code execution and information\ndisclosure without authentication due to not honoring `<Limit>`\nconstraints.\n\nUpstream bug: http://bugs.proftpd.org/show_bug.cgi?id=4372\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.proftpd.org/show_bug.cgi?id=4372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-e9187610c3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected proftpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:proftpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"proftpd-1.3.6-21.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"proftpd\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T04:55:08", "description": "The remote host is running ProFTPD. It is affected by a vulnerability in the mod_copy module which fails to honor\n <Limit READ> and <Limit WRITE> configurations as expected. An unauthenticated, remote attacker can exploit this, by\n using the mod_copy module's functionality, in order to copy arbitrary files in the FTP directory, provided that\n anonymous logins and mod_copy are enabled and the FTP directory is accessible from a web server. If a file exists in\n the FTP directory that contains PHP code but does not use the PHP extension, an attacker can copy this file to one with\n a PHP extension in order to execute code.", "edition": 15, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-09T00:00:00", "title": "ProFTPD 'mod_copy' Arbitrary File Copy Vulnerability (Remote)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12815"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:proftpd:proftpd"], "id": "PROFTPD_MOD_COPY.NASL", "href": "https://www.tenable.com/plugins/nessus/132749", "sourceData": "#TRUSTED 2606a82fe45cef6e98cdef5158a02d801029d40370c6e17674ee1a30b219c8128c24fb449cf90f150142b4dd1a42ce0680c4da282a0c1b4e524658a83e6d9997d9638c6b77fee9e471f7a1ca14c11eff88503c466da2c9b0906f53ae16f264894942490d367ccb8b3927e59e734b679999185e7056edd2a4b9bc4205488c6fbd88cf31169ebb36086151a856cdbe08f6c576e249115489434ca132fc3485fccc9c029f0de97ced3996515eb31b5460d4370fe33f517595fcdef1f2560003cb9e958a38aa370cade45ae692786e6070e6755b742b9ef2ab2263bfc51cc36aafeddc42bcd757331c613ed9773ec273af5440824aa6815bc0c32eefacd9c2e03cd11da1da6c4a1e8d78ead8d3d3bd9d906928decd2680c0a36eb1120f18b9d620351d97409aaa7f487891476ac5518884765f5798613867d37d720c66b35f54f737a7483bf9a997fbfc94afeeb704ac63e005068a462ca9a462ab3ea14011729f8de1567b804cc0eb83e26975e3f352f9139161092708c4ce240dc722f619219e87c5dd82ffdf626129ffdf65eb617680298f53825fb7ec267d8105fe127c8705b2d09afe05c7e3f04becd4fd9ebd02d86481499de4e2a8a695dd8bfc8988a7be9ee882d0618c1ab3d3b33d63161ca2ad1a591c6b4c1e3b19a831a82f359317c8f767c44eed0df71dd957762c79126b319d19243b662fbcf474b70c790f55634d0c\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132749);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/10\");\n\n script_cve_id(\"CVE-2019-12815\");\n script_bugtraq_id(109339);\n\n script_name(english:\"ProFTPD 'mod_copy' Arbitrary File Copy Vulnerability (Remote)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"It is possible for anonymous users to copy arbitrary files.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running ProFTPD. It is affected by a vulnerability in the mod_copy module which fails to honor\n <Limit READ> and <Limit WRITE> configurations as expected. An unauthenticated, remote attacker can exploit this, by\n using the mod_copy module's functionality, in order to copy arbitrary files in the FTP directory, provided that\n anonymous logins and mod_copy are enabled and the FTP directory is accessible from a web server. If a file exists in\n the FTP directory that contains PHP code but does not use the PHP extension, an attacker can copy this file to one with\n a PHP extension in order to execute code.\");\n # https://www.bleepingcomputer.com/news/security/proftpd-vulnerability-lets-users-copy-files-without-permission/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a323713d\");\n script_set_attribute(attribute:\"see_also\", value:\"http://bugs.proftpd.org/show_bug.cgi?id=4372\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the latest version of ProFTPD.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-12815\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:proftpd:proftpd\");\n script_end_attributes();\n\n script_category(ACT_DESTRUCTIVE_ATTACK);\n script_family(english:\"FTP\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ftpserver_detect_type_nd_version.nasl\");\n script_require_keys(\"ftp/proftpd\");\n script_exclude_keys(\"global_settings/supplied_logins_only\");\n script_require_ports(\"Services/ftp\", 21);\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ftp_func.inc');\ninclude('spad_log_func.inc');\n\n##\n# Authenticate to the FTP server and return a command and data socket.\n# @param cmd_port The FTP command port\n# @return a list whose first element is the command socket, and second element is the pasv data socket.\n##\nfunction establish_ftp_connection(cmd_port)\n{\n local_var d_soc, c_soc, d_port;\n c_soc = open_sock_tcp(cmd_port);\n if(!c_soc)\n audit(AUDIT_SOCK_FAIL, cmd_port);\n\n if (!ftp_authenticate(socket:c_soc, user:'ftp', pass:'Nessus@tenable.com'))\n if (!ftp_authenticate(socket:c_soc, user:'anonymous', pass:'Nessus@tenable.com'))\n {\n close(c_soc);\n audit(AUDIT_HOST_NOT, 'vulnerable as anonymous login is not enabled');\n }\n d_port = ftp_pasv(socket: c_soc);\n spad_log(message:'PASV FTP Port: ' + d_port);\n # Can't get PASV port from FTP server\n if (d_port == 0)\n {\n close(c_soc);\n audit(AUDIT_SVC_ERR, cmd_port);\n }\n d_soc = open_sock_tcp(d_port, transport: get_port_transport(cmd_port));\n if (!d_soc)\n {\n close(c_soc);\n audit(AUDIT_SOCK_FAIL, d_port);\n }\n return make_list(c_soc, d_soc);\n}\n\n##\n# Lists the contents of the FTP root, printing them to spad_log as well as returning them\n# @return the FTP root listing\n##\nfunction get_listing()\n{\n local_var list_req = 'LIST \\r\\n';\n\n spad_log(message:'Sending \\'' + list_req + '\\'');\n send(socket:cmd_soc, data:list_req);\n cmd_res = ftp_recv_line(socket:cmd_soc);\n spad_log(message:'LIST response code: ' + cmd_res);\n\n data_res = ftp_recv_listing(socket:data_soc);\n spad_log(message:'Received the following listing of the FTP root:\\n' + data_res);\n\n return data_res;\n}\n\nif (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);\n\nif (safe_checks())\n # No corresponding audit message\n exit(0, \"This plugin requires safe checks to be disabled.\");\n\ncmd_port = get_ftp_port(default: 21);\n\n### Unless it's paranoid, make sure the banner exists and looks like ProFTPD. ###\nif (report_paranoia < 2)\n{\n banner = get_ftp_banner(port:cmd_port);\n if (!banner)\n audit(AUDIT_NO_BANNER, cmd_port);\n if (\n \" ProFTPD\" >!< banner &&\n \"(ProFTPD)\" >!< banner &&\n \"220 FTP Server ready\" >!< banner\n )\n audit(AUDIT_NOT_LISTEN, 'ProFTPD', cmd_port);\n}\n\n### Get command and data sockets\nsocs = establish_ftp_connection(cmd_port:cmd_port);\ncmd_soc = socs[0];\ndata_soc = socs[1];\n\n### Try to STOR from stdin ###\nstor_req = 'STOR -\\r\\n';\nspad_log(message:'Sending \\'' + stor_req + '\\'');\nsend(socket:cmd_soc, data:stor_req);\ncmd_res = ftp_recv_line(socket:cmd_soc);\nspad_log(message:'STOR response code: ' + cmd_res);\nif (cmd_res !~ '^550')\n{\n close(cmd_soc);\n close(data_soc);\n audit(AUDIT_HOST_NOT, 'affected as anonymous users have write permissions');\n}\n\n### List files to find a file to copy ###\ndata_res = get_listing();\n\n# Split the FTP LIST command output and copy the first file or directory\ngot_file = FALSE;\nforeach line (split(data_res, sep:'\\r\\n', keep:FALSE))\n{\n # In both Windows and Linux, the file/dir name should be the last thing in the line\n file_name_res = pregmatch(pattern:\".*\\s([^\\s]+)\\s*$\", string:line);\n if (!empty_or_null(file_name_res))\n {\n to_copy = file_name_res[1];\n spad_log(message:'File or folder name to copy: ' + to_copy);\n got_file = TRUE;\n break;\n }\n}\n\n# Nothing to copy\nif (!got_file)\n{\n close(cmd_soc);\n close(data_soc);\n audit(AUDIT_HOST_NOT, 'vulnerable as there are no files or directories to copy');\n}\n\n### Specify copy from file/dir ###\ncpfr_cmd = 'site cpfr ' + to_copy + '\\r\\n';\nspad_log(message:'Sending mod_copy command: \\'' + cpfr_cmd + '\\'');\nsend(socket:cmd_soc, data:cpfr_cmd);\n# Need this line for copy to work. The response code is empty.\nftp_recv_line(socket:cmd_soc);\n\n### Try to copy it to a different name ###\npattern = rand_str(length:8, charset:'0123456789ABCDEF');\ncopy_to = 'Nessus-proftpd_file_copy_rce-'+ get_host_ip() + '-' + pattern;\ncpto_cmd = 'site cpto ' + copy_to + '\\r\\n';\nspad_log(message:'Sending mod_copy command: \\'' + cpto_cmd + '\\'');\nsend(socket:cmd_soc, data:cpto_cmd);\n\n\n### Check if copied file is present\n# Need to close sockets and open a new connection\nclose(cmd_soc);\nclose(data_soc);\nsocs = establish_ftp_connection(cmd_port:cmd_port);\ncmd_soc = socs[0];\ndata_soc = socs[1];\n\ndata_res = get_listing();\nif (copy_to >!< data_res)\n{\n close(cmd_soc);\n close(data_soc);\n audit(AUDIT_HOST_NOT, 'vulnerable as mod_copy did not successfully copy a file');\n}\n\nclose(cmd_soc);\nclose(data_soc);\nreport = 'Nessus was able to copy the file or directory ' + to_copy + ' to the new file ' + copy_to + ' using mod_copy';\nsecurity_report_v4(severity:SECURITY_HOLE, port:cmd_port, extra:report);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T02:57:28", "description": "The remote host is affected by the vulnerability described in GLSA-201908-16\n(ProFTPD: Remote code execution)\n\n It was discovered that ProFTPD’s “mod_copy” module does not\n properly restrict privileges for anonymous users.\n \nImpact :\n\n A remote attacker, by anonymously uploading a malicious file, could\n possibly execute arbitrary code with the privileges of the process, cause\n a Denial of Service condition or disclose information.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 17, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-20T00:00:00", "title": "GLSA-201908-16 : ProFTPD: Remote code execution", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12815"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:proftpd"], "id": "GENTOO_GLSA-201908-16.NASL", "href": "https://www.tenable.com/plugins/nessus/127965", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201908-16.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127965);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2019-12815\");\n script_xref(name:\"GLSA\", value:\"201908-16\");\n\n script_name(english:\"GLSA-201908-16 : ProFTPD: Remote code execution\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201908-16\n(ProFTPD: Remote code execution)\n\n It was discovered that ProFTPD’s “mod_copy” module does not\n properly restrict privileges for anonymous users.\n \nImpact :\n\n A remote attacker, by anonymously uploading a malicious file, could\n possibly execute arbitrary code with the privileges of the process, cause\n a Denial of Service condition or disclose information.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201908-16\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All ProFTPD users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-ftp/proftpd-1.3.6-r5'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:proftpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-ftp/proftpd\", unaffected:make_list(\"ge 1.3.6-r5\"), vulnerable:make_list(\"lt 1.3.6-r5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ProFTPD\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T04:55:08", "description": "The remote host is using ProFTPD, a free FTP server for Unix and\nLinux.\nAccording to its banner, the version of ProFTPD installed on the\nremote host is prior to 1.3.5e or 1.3.6x prior to 1.3.6rc5\nand is affected by an issue where an attacker who is not granted \nfull filesystem access may reconfigure the home directory of an \nFTP user.", "edition": 22, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}, "published": "2018-02-12T00:00:00", "title": "ProFTPD < 1.3.5e / 1.3.6x < 1.3.6rc5 AllowChrootSymlinks bypass", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7418"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:proftpd:proftpd"], "id": "PROFTPD_1_3_6_RC5.NASL", "href": "https://www.tenable.com/plugins/nessus/106756", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106756);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\"CVE-2017-7418\");\n script_bugtraq_id(97409);\n\n script_name(english:\"ProFTPD < 1.3.5e / 1.3.6x < 1.3.6rc5 AllowChrootSymlinks bypass\");\n script_summary(english:\"Checks version of ProFTPD.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FTP server is affected by a mitigation bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is using ProFTPD, a free FTP server for Unix and\nLinux.\nAccording to its banner, the version of ProFTPD installed on the\nremote host is prior to 1.3.5e or 1.3.6x prior to 1.3.6rc5\nand is affected by an issue where an attacker who is not granted \nfull filesystem access may reconfigure the home directory of an \nFTP user.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://bugs.proftpd.org/show_bug.cgi?id=4295\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to ProFTPD version 1.3.5e / 1.3.6rc5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/12\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:proftpd:proftpd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FTP\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ftp_overflow.nasl\", \"ftpserver_detect_type_nd_version.nasl\");\n script_require_keys(\"ftp/proftpd\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/ftp\", 21);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"ftp_func.inc\");\ninclude(\"global_settings.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = get_ftp_port(default: 21, broken:TRUE);\n\napp = \"ProFTPD\";\nbanner = get_ftp_banner(port:port);\nif (!banner) audit(AUDIT_NO_BANNER, port);\nif (app >!< banner) audit(AUDIT_NOT_DETECT, app, port);\n\nmatches = pregmatch(string:banner, pattern:\"ProFTPD ([0-9a-z.]+) \");\nif (isnull(matches)) audit(AUDIT_SERVICE_VER_FAIL, app, port);\nversion = matches[1];\n\nif (version =~ '^1(\\\\.3)?$') audit(AUDIT_VER_NOT_GRANULAR, app, version);\n\nif (\n version =~ \"^0($|\\.)\" ||\n version =~ \"^1\\.[0-2]($|\\.)\" ||\n version =~ \"^1\\.3\\.[1234]($|[^0-9])\" ||\n version =~ \"^1\\.3\\.5(rc[1-9]|[abcd])?($|[^0-9e-z])\" ||\n version =~ \"^1\\.3\\.6(rc[1234])?($|[^0-9a-z])\"\n)\n{\n report =\n '\\n Version source : ' + chomp(banner) +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 1.3.5e / 1.3.6rc5\\n';\n security_report_v4(severity:SECURITY_NOTE, port:port, extra:report);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, app, port, version);\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-01T01:10:18", "description": "New proftpd packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, 14.2, and -current to fix security issues.", "edition": 24, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}, "published": "2017-04-24T00:00:00", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : proftpd (SSA:2017-112-03)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7418"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:14.2", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:13.0", "p-cpe:/a:slackware:slackware_linux:proftpd", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.1"], "id": "SLACKWARE_SSA_2017-112-03.NASL", "href": "https://www.tenable.com/plugins/nessus/99598", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2017-112-03. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99598);\n script_version(\"$Revision: 3.3 $\");\n script_cvs_date(\"$Date: 2018/01/26 17:50:31 $\");\n\n script_cve_id(\"CVE-2017-7418\");\n script_xref(name:\"SSA\", value:\"2017-112-03\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : proftpd (SSA:2017-112-03)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New proftpd packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, 14.2, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.545090\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c0d0f132\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected proftpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:proftpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"proftpd\", pkgver:\"1.3.5e\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"proftpd\", pkgver:\"1.3.5e\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"proftpd\", pkgver:\"1.3.5e\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"proftpd\", pkgver:\"1.3.5e\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"proftpd\", pkgver:\"1.3.5e\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"proftpd\", pkgver:\"1.3.5e\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"proftpd\", pkgver:\"1.3.5e\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"proftpd\", pkgver:\"1.3.5e\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"proftpd\", pkgver:\"1.3.5e\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"proftpd\", pkgver:\"1.3.5e\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"proftpd\", pkgver:\"1.3.5e\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"proftpd\", pkgver:\"1.3.5e\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"proftpd\", pkgver:\"1.3.6\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"proftpd\", pkgver:\"1.3.6\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:slackware_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}], "suse": [{"lastseen": "2019-08-08T17:19:30", "bulletinFamily": "unix", "cvelist": ["CVE-2019-12815", "CVE-2017-7418"], "description": "This update for proftpd fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-12815: Fixed arbitrary file copy in mod_copy that allowed for\n remote code execution and information disclosure without authentication\n (bnc#1142281).\n\n", "edition": 1, "modified": "2019-08-08T15:10:23", "published": "2019-08-08T15:10:23", "id": "OPENSUSE-SU-2019:1836-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00004.html", "title": "Security update for proftpd (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-14T00:24:47", "bulletinFamily": "unix", "cvelist": ["CVE-2019-18217", "CVE-2019-19269", "CVE-2019-12815", "CVE-2017-7418", "CVE-2019-19270"], "description": "This update for proftpd fixes the following issues:\n\n * GeoIP has been discontinued by Maxmind (boo#1156210) This update removes\n module build for geoip see\n <a rel=\"nofollow\" href=\"https://support.maxmind.com/geolite-legacy-discontinuation-notice/\">https://support.maxmind.com/geolite-legacy-discontinuation-notice/</a>\n\n - CVE-2019-19269: Fixed a NULL pointer dereference may occur when\n validating the certificate of a client connecting to the server\n (boo#1157803)\n - CVE-2019-19270: Fixed a Failure to check for the appropriate field of a\n CRL entry prevents some valid CRLs from being taken into account\n (boo#1157798)\n - CVE-2019-18217: Fixed remote unauthenticated denial-of-service due to\n incorrect handling of overly long commands (boo#1154600 gh#846)\n\n Update to 1.3.6b\n\n * Fixed pre-authentication remote denial-of-service issue (Issue #846).\n * Backported fix for building mod_sql_mysql using MySQL 8 (Issue #824).\n\n Update to 1.3.6a:\n\n * Fixed symlink navigation (Bug#4332).\n * Fixed building of mod_sftp using OpenSSL 1.1.x releases (Issue#674).\n * Fixed SITE COPY honoring of <Limit> restrictions (Bug#4372).\n * Fixed segfault on login when using mod_sftp + mod_sftp_pam (Issue#656).\n * Fixed restarts when using mod_facl as a static module\n * Add missing Requires(pre): group(ftp) for Leap 15 and Tumbleweed\n (boo#1155834)\n * Add missing Requires(pre): user(ftp) for Leap 15 and Tumbleweed\n (boo#1155834)\n * Use pam_keyinit.so (boo#1144056)\n\n - Reduce hard dependency on systemd to only that which is necessary for\n building and installation.\n\n update to 1.3.6:\n\n * Support for using Redis for caching, logging; see the\n doc/howto/Redis.html documentation.\n * Fixed mod_sql_postgres SSL support (Issue #415).\n * Support building against LibreSSL instead of OpenSSL (Issue #361).\n * Better support on AIX for login restraictions (Bug #4285).\n * TimeoutLogin (and other timeouts) were not working properly for SFTP\n connections (Bug#4299).\n * Handling of the SIGILL and SIGINT signals, by the daemon process, now\n causes the child processes to be terminated as well (Issue #461).\n * RPM .spec file naming changed to conform to Fedora guidelines.\n * Fix for "AllowChrootSymlinks off" checking each component for symlinks\n (CVE-2017-7418).\n\n New Modules:\n\n * mod_redis, mod_tls_redis, mod_wrap2_redis With Redis now supported as a\n caching mechanism, similar to Memcache, there are now Redis-using\n modules: mod_redis (for configuring the Redis connection information),\n mod_tls_redis (for caching SSL sessions and OCSP information using\n Redis), and mod_wrap2_redis (for using ACLs stored in Redis).\n\n Changed Modules:\n\n * mod_ban: The mod_ban module's BanCache directive can now use Redis-based\n caching; see doc/contrib/mod_ban.html#BanCache.\n\n -New Configuration Directives\n\n * SQLPasswordArgon2, SQLPasswordScrypt\n\n The key lengths for Argon2 and Scrypt-based passwords are now\n configurable via these new directives; previously, the key length had been\n hardcoded to be 32 bytes, which is not interoperable with all other\n implementations (Issue #454).\n\n Changed Configuration Directives\n\n * AllowChrootSymlinks When "AllowChrootSymlinks off" was used, only the\n last portion of the DefaultRoot path would be checked to see if it was a\n symlink. Now, each component of the DefaultRoot path will be checked to\n see if it is a symlink when "AllowChrootSymlinks off" is used.\n * Include The Include directive can now be used within a <Limit> section,\n e.g.: <Limit LOGIN> Include /path/to/allowed.txt DenyAll </Limit> API\n Changes\n * A new JSON API has been added, for use by third-party modules.\n\n", "edition": 1, "modified": "2020-01-13T21:11:47", "published": "2020-01-13T21:11:47", "id": "OPENSUSE-SU-2020:0031-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html", "title": "Security update for proftpd (moderate)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-12815"], "description": "ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directo ry visibility. This package defaults to the standalone behavior of ProFTPD, but all the needed scripts to have it run by systemd instead are included. ", "modified": "2019-08-01T03:01:16", "published": "2019-08-01T03:01:16", "id": "FEDORA:33B88608765B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: proftpd-1.3.6-21.fc30", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-12815"], "description": "ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directo ry visibility. This package defaults to the standalone behavior of ProFTPD, but all the needed scripts to have it run by systemd instead are included. ", "modified": "2019-08-01T03:51:36", "published": "2019-08-01T03:51:36", "id": "FEDORA:9D9CB6072C9C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: proftpd-1.3.6-21.fc29", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7418"], "description": "ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directo ry visibility. This package defaults to the standalone behavior of ProFTPD, but all the needed scripts to have it run by systemd instead are included. ", "modified": "2017-04-19T09:32:01", "published": "2017-04-19T09:32:01", "id": "FEDORA:5902860677D4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: proftpd-1.3.5e-1.fc25", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7418"], "description": "ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directo ry visibility. This package defaults to the standalone behavior of ProFTPD, but all the needed scripts to have it run by systemd instead are included. ", "modified": "2017-04-14T17:23:56", "published": "2017-04-14T17:23:56", "id": "FEDORA:A8431603B3E1", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: proftpd-1.3.5e-1.fc26", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7418"], "description": "ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directo ry visibility. This package defaults to the standalone behavior of ProFTPD, but all the needed scripts to have it run by systemd instead are included. ", "modified": "2017-04-18T16:50:45", "published": "2017-04-18T16:50:45", "id": "FEDORA:9FB5E604D16E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: proftpd-1.3.5e-1.fc24", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-12815", "CVE-2019-18217"], "description": "ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directo ry visibility. This package defaults to the standalone behavior of ProFTPD, but all the needed scripts to have it run by systemd instead are included. ", "modified": "2019-10-29T01:08:19", "published": "2019-10-29T01:08:19", "id": "FEDORA:C30466075D83", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: proftpd-1.3.6b-1.fc30", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-12815", "CVE-2019-18217"], "description": "ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directo ry visibility. This package defaults to the standalone behavior of ProFTPD, but all the needed scripts to have it run by systemd instead are included. ", "modified": "2019-10-28T01:54:28", "published": "2019-10-28T01:54:28", "id": "FEDORA:009F56090C08", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: proftpd-1.3.6b-1.fc29", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-12815", "CVE-2019-18217", "CVE-2019-19269", "CVE-2019-19270"], "description": "ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directo ry visibility. This package defaults to the standalone behavior of ProFTPD, but all the needed scripts to have it run by systemd instead are included. ", "modified": "2019-12-08T01:03:48", "published": "2019-12-08T01:03:48", "id": "FEDORA:A94EA60469AA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: proftpd-1.3.6b-2.fc30", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-12815", "CVE-2019-18217", "CVE-2019-19269", "CVE-2019-1927", "CVE-2019-19270", "CVE-2020-9273"], "description": "ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directo ry visibility. This package defaults to the standalone behavior of ProFTPD, but all the needed scripts to have it run by systemd instead are included. ", "modified": "2020-02-27T16:46:31", "published": "2020-02-27T16:46:31", "id": "FEDORA:BC526611093C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: proftpd-1.3.6c-1.fc30", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2019-08-15T19:22:56", "bulletinFamily": "unix", "cvelist": ["CVE-2019-12815"], "description": "### Background\n\nProFTPD is an advanced and very configurable FTP server.\n\n### Description\n\nIt was discovered that ProFTPD\u2019s \u201cmod_copy\u201d module does not properly restrict privileges for anonymous users. \n\n### Impact\n\nA remote attacker, by anonymously uploading a malicious file, could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition or disclose information. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll ProFTPD users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-ftp/proftpd-1.3.6-r5\"", "edition": 1, "modified": "2019-08-15T00:00:00", "published": "2019-08-15T00:00:00", "id": "GLSA-201908-16", "href": "https://security.gentoo.org/glsa/201908-16", "title": "ProFTPD: Remote code execution", "type": "gentoo", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-01-11T01:34:44", "bulletinFamily": "unix", "cvelist": ["CVE-2019-12815"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4491-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nAugust 04, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : proftpd-dfsg\nCVE ID : CVE-2019-12815\nDebian Bug : 932453\n\nTobias Maedel discovered that the mod_copy module of ProFTPD, a\nFTP/SFTP/FTPS server, performed incomplete permission validation for\nthe CPFR/CPTO commands.\n\nFor the oldstable distribution (stretch), this problem has been fixed\nin version 1.3.5b-4+deb9u1.\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 1.3.6-4+deb10u1.\n\nWe recommend that you upgrade your proftpd-dfsg packages.\n\nFor the detailed security status of proftpd-dfsg please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/proftpd-dfsg\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 11, "modified": "2019-08-04T18:43:06", "published": "2019-08-04T18:43:06", "id": "DEBIAN:DSA-4491-1:275E9", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2019/msg00139.html", "title": "[SECURITY] [DSA 4491-1] proftpd-dfsg security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-12T01:01:32", "bulletinFamily": "unix", "cvelist": ["CVE-2019-12815"], "description": "Package : proftpd-dfsg\nVersion : 1.3.5e+r1.3.5-2+deb8u3\nCVE ID : CVE-2019-12815\nDebian Bug : 932453\n\nTobias Maedel discovered that the mod_copy module of ProFTPD, a\nFTP/SFTP/FTPS server, performed incomplete permission validation for the\nCPFR/CPTO commands.\n\nFor Debian 8 "Jessie", this problem has been fixed in version\n1.3.5e+r1.3.5-2+deb8u3.\n\nWe recommend that you upgrade your proftpd-dfsg packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 7, "modified": "2019-08-07T20:40:46", "published": "2019-08-07T20:40:46", "id": "DEBIAN:DLA-1873-1:7E39D", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201908/msg00006.html", "title": "[SECURITY] [DLA 1873-1] proftpd-dfsg security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2020-10-25T16:36:30", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7418"], "description": "New proftpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\n14.2, and -current to fix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/proftpd-1.3.5e-i586-1_slack14.2.txz: Upgraded.\n This release fixes a security issue:\n AllowChrootSymlinks off does not check entire DefaultRoot path for symlinks.\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7418\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/proftpd-1.3.5e-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/proftpd-1.3.5e-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/proftpd-1.3.5e-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/proftpd-1.3.5e-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/proftpd-1.3.5e-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/proftpd-1.3.5e-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/proftpd-1.3.5e-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/proftpd-1.3.5e-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/proftpd-1.3.5e-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/proftpd-1.3.5e-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/proftpd-1.3.5e-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/proftpd-1.3.5e-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/proftpd-1.3.6-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/proftpd-1.3.6-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 package:\n29fac5225474d7067f752356e3da5a19 proftpd-1.3.5e-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n2b2c93e021670a9d03344ddfa28c8f72 proftpd-1.3.5e-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\nad63b548c174417ff0783c1206557049 proftpd-1.3.5e-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n8e96161f5a60b7f4b12a4d05fc66b108 proftpd-1.3.5e-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\nee0a7aee737cd3b348c75c3a4be4480f proftpd-1.3.5e-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\nb02e14a5d3f0fd2ecbac46926b7b7af2 proftpd-1.3.5e-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n3f7c345f620b44324dc587357403c062 proftpd-1.3.5e-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n7631ac1d122b0f0cb2e7fad424851e19 proftpd-1.3.5e-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n7608c56fe55109efbea7e99f8dcbef52 proftpd-1.3.5e-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nce1c02de624381d2b9811d78cb54edf8 proftpd-1.3.5e-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n457000b30dd692332ec9ab122743f769 proftpd-1.3.5e-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\nbbd36fe6b194c63e1d9e6a8393704586 proftpd-1.3.5e-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n0399494a18f2ecfbfe81a0e301ed4064 n/proftpd-1.3.6-i586-1.txz\n\nSlackware x86_64 -current package:\nbbfafeb1b6ed34f1c610715405923e5f n/proftpd-1.3.6-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg proftpd-1.3.5e-i586-1_slack14.2.txz", "modified": "2017-04-22T16:42:55", "published": "2017-04-22T16:42:55", "id": "SSA-2017-112-03", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.545090", "type": "slackware", "title": "[slackware-security] proftpd", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:13", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7418"], "description": "\nNVD reports:\n\nProFTPD ... controls whether the home directory of a user could\n\t contain a symbolic link through the AllowChrootSymlinks\n\t configuration option, but checks only the last path component when\n\t enforcing AllowChrootSymlinks. Attackers with local access could\n\t bypass the AllowChrootSymlinks control by replacing a path\n\t component (other than the last one) with a symbolic link.\n\n", "edition": 4, "modified": "2017-03-06T00:00:00", "published": "2017-03-06T00:00:00", "id": "770D7E91-72AF-11E7-998A-08606E47F965", "href": "https://vuxml.freebsd.org/freebsd/770d7e91-72af-11e7-998a-08606e47f965.html", "title": "proftpd -- user chroot escape vulnerability", "type": "freebsd", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}], "thn": [{"lastseen": "2019-07-23T18:44:01", "bulletinFamily": "info", "cvelist": ["CVE-2015-3306", "CVE-2019-12815"], "description": "[](<https://1.bp.blogspot.com/-j8m5YT2TzXU/XTcrVmly8VI/AAAAAAAA0hc/MrjnHguT7fAlj4Pu6BPcovPh66orVoIuACLcBGAs/s728-e100/linux-ftp-server.png>)\n\nA German security researcher has publicly disclosed details of a serious vulnerability in one of the most popular FTP server applications, which is currently being used by more than one million servers worldwide. \n \nThe vulnerable software in question is **ProFTPD**, an open source FTP server used by a large number of popular businesses and websites including SourceForge, Samba and Slackware, and comes pre-installed with many Linux and Unix distributions, like Debian. \n \nDiscovered by [Tobias M\u00e4del](<https://tbspace.de/cve201912815proftpd.html>), the vulnerability resides in the mod_copy module of the ProFTPD application, a component that allows users to copy files/directories from one place to another on a server without having to transfer the data to the client and back. \n\n\n \nAccording to M\u00e4del, an incorrect access control issue in the mod_copy module could be exploited by an authenticated user to unauthorizedly copy any file on a specific location of the vulnerable FTP server where the user is otherwise not allowed to write a file. \n \nIn rare circumstances, the flaw may also lead to remote code execution or information disclosure attacks. \n \n[John Simpson](<https://twitter.com/thracky>), a security researcher at Trend Micro, told The Hacker News that to successfully achieve remote code execution on a targeted server, an attacker needs to copy a malicious PHP file to a location where it can be executed. \n \nTherefore, it's important to note that not every FTP server running vulnerable ProFTPD can be hijacked remotely, since the attacker requires log-in to the respective targeted server, or the server should have anonymous access enabled. \n\n\n[](<https://1.bp.blogspot.com/-tRNX-RXdftI/XTcsBfWSKII/AAAAAAAA0hs/dL_QxMehffoKdCYwAvrjbG8bBwge3xmTQCLcBGAs/s728-e100/shodan-search.jpg>)\n\nThe vulnerability, assigned as CVE-2019-12815, affects all versions of ProFTPd, including the latest 1.3.6 version which was released in 2017. \n \nSince the mod_copy module comes enabled by default in most operating systems using ProFTPD, the flaw could potentially affect a large number of servers. \n\n\n \nAccording to an [advisory](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12815>), the newly discovered issue is related to a 4-year-old similar vulnerability (CVE-2015-3306) in the mod_copy module that allows remote attackers to read and write to arbitrary files via the site CPFR and site CPTO commands. \n \nM\u00e4del reported the vulnerability to ProFTPd project maintainers in September last year, but the team did not take any action to address the issue for more than 9 months. \n \nSo, the researcher contacted the Debian Security Team last month, after which the ProFTPD team finally [created a patch](<https://github.com/proftpd/proftpd/pull/816>) and just last week backported it to ProFTPD 1.3.6 without releasing a new version of its FTP server. \n \nAs a workaround, server administrators can also disable the mod_copy module in the ProFTPd configuration file in order to protect themselves from being a victim of any attack related to this flaw.\n", "modified": "2019-07-23T18:31:50", "published": "2019-07-23T15:47:00", "id": "THN:AB717FBC8FF7C7C1D194A126C788DF50", "href": "https://thehackernews.com/2019/07/linux-ftp-server-security.html", "type": "thn", "title": "A New 'Arbitrary File Copy' Flaw Affects ProFTPD Powered FTP Servers", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ics": [{"lastseen": "2020-12-18T03:22:39", "bulletinFamily": "info", "cvelist": ["CVE-2019-18217", "CVE-2019-12815"], "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 9.8**\n * **ATTENTION: **Exploitable remotely/low skill level to exploit\n * **Vendor: **Siemens\n * **Equipment: **SIMATIC CP 1543-1\n * **Vulnerabilities:** Improper Access Control, Loop with Unreachable Exit Condition\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of these vulnerabilities could allow for remote code execution and information disclosure without authentication, or unauthenticated denial of service.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following versions of Siemens SIMATIC CP 1543-1, including SIPLUS NET variants, are affected:\n\n * All versions starting at 2.0 and prior to 2.2\n\n### 3.2 VULNERABILITY OVERVIEW\n\n#### 3.2.1 I[MPROPER ACCESS CONTROL CWE-284](<https://cwe.mitre.org/data/definitions/284.html>)\n\nAn arbitrary file copy vulnerability in mod_copy of the embedded FTP server allows for remote code execution and information disclosure without authentication.\n\n[CVE-2019-12815](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12815>) has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n#### 3.2.2 [LOOP WITH UNREACHABLE EXIT CONDITION CWE-835](<https://cwe.mitre.org/data/definitions/835.html>)\n\nIncorrect handling of overly long commands in the embedded FTP server allow an attacker to cause a denial-of-service condition by entering an infinite loop.\n\n[CVE-2019-18217](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18217>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS:** Chemical, Energy, Food and Agriculture, Healthcare and Public Health, Transportation Systems, and Water and Wastewater Systems\n * **COUNTRIES/AREAS DEPLOYED: **Worldwide\n * **COMPANY HEADQUARTERS LOCATION:** Germany\n\n### 3.4 RESEARCHER\n\nSiemens reported these vulnerabilities to CISA.\n\n## 4\\. MITIGATIONS\n\nThe latest update for SIMATIC CP 1543-1 contains fixes for the vulnerabilities within its embedded ProFTPD FPT server. Siemens recommends updating SIMATIC CP 1543-1 modules to [Version 2.2](<https://support.industry.siemens.com/cs/ww/en/view/109775642>)\n\nSiemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:\n\n * Disable the embedded FTP server. The server is deactivated in the default configuration.\n * Limit access to Port 21/TCP to trusted IP addresses.\n\nAs a general security measure, Siemens strongly recommends users protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends users configure the environment according to [Siemens\u2019 operational guidelines for Industrial Security](<https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf>), and follow the recommendations in the product manuals.\n\nAdditional information on industrial security by Siemens can be found at: <https://www.siemens.com/industrialsecurity>. \nFor more information on the vulnerabilities and detailed mitigation instructions, please see Siemens security advisory [SSA-940889](<http://www.siemens.com/cert/advisories>)\n\nCISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are [not accessible from the Internet](<https://www.us-cert.gov/ics/alerts/ICS-ALERT-10-301-01>).\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. \n \nCISA also provides a section for [control systems security recommended practices](<https://www.us-cert.gov/ics/recommended-practices>) on the ICS webpage on [us-cert.gov](<https://www.us-cert.gov/ics>). Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the [ICS webpage on us-cert.gov](<https://www.us-cert.gov/ics>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B>). \n \nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.\n\nNo known public exploits specifically target these vulnerabilities.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://surveymonkey.com/r/G8STDRY?product=https://us-cert.cisa.gov/ics/advisories/icsa-20-042-03>); we'd welcome your feedback.\n", "edition": 6, "modified": "2020-02-11T00:00:00", "published": "2020-02-11T00:00:00", "id": "ICSA-20-042-03", "href": "https://www.us-cert.gov//ics/advisories/icsa-20-042-03", "title": "Siemens SIMATIC CP 1543-1", "type": "ics", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
