Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
189
VMScore

CVE-2017-7418

Published: 04/04/2017 Updated: 08/08/2019
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 189
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Proftpd

Vulnerability Summary

ProFTPD prior to 1.3.5e and 1.3.6 prior to 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

proftpd proftpd 1.3.6

proftpd proftpd

Vendor Advisories

Debian CVElist Bug Report Logs: proftpd-dfsg: CVE-2017-7418
Debian Bug report logs - #859592 proftpd-dfsg: CVE-2017-7418 Package: src:proftpd-dfsg; Maintainer for src:proftpd-dfsg is ProFTPD Maintainance Team <pkg-proftpd-maintainers@alioth-listsdebiannet>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 5 Apr 2017 04:24:01 UTC Severity: important Tags: pa ...

References

CWE-59https://github.com/proftpd/proftpd/pull/444/commits/349addc3be4fcdad9bd4ec01ad1ccd916c898ed8https://github.com/proftpd/proftpd/commit/f59593e6ff730b832dbe8754916cb5c821db579fhttps://github.com/proftpd/proftpd/commit/ecff21e0d0e84f35c299ef91d7fda088e516d4edhttp://bugs.proftpd.org/show_bug.cgi?id=4295http://www.securityfocus.com/bid/97409http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00004.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00022.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859592https://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook