
Summary

Vendor: Proftpd
Product: Proftpd
Version: 1.3.6
Update: rc3
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
CPE Product: cpe:2.3:a:proftpd:proftpd

Detail

First view: 2017-04-04
Last view: 2019-11-30
Type: Application

Related : CVE

Score Date Alert (description follows each entry)
4.9 2019-11-30 CVE-2019-19269

An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.

7.5 2019-10-21 CVE-2019-18217

ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop.

5.5 2017-04-04 CVE-2017-7418

ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user.
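The AllowChrootSymlinks bypass in CVE-2017-7418 above comes down to where the symlink check is applied: only the last component of the home directory, so an intermediate component that is a symlink is followed silently. The following is an added example, not ProFTPD's own code, that puts the last-component-only check beside a check that lstat()s every component below a trusted base directory, and builds a constructed home-directory layout in a temporary directory to show the difference. The base directory argument and the helper names are assumptions for this illustration.

```python
import os
import shutil
import tempfile


def symlink_in_last_component(home):
    # Flawed pattern: only the final component is lstat()ed, so a symlink
    # anywhere earlier in the path is followed without being noticed.
    return os.path.islink(home)


def symlink_in_any_component(home, base):
    # Hardened pattern: walk every component below the trusted base directory
    # and lstat() each one. 'base' is assumed to be a directory the operator
    # controls (it is not itself inspected).
    rel = os.path.relpath(home, base)
    if rel == os.pardir or rel.startswith(os.pardir + os.sep):
        raise ValueError("home directory escapes the base directory")
    cur = base
    for part in rel.split(os.sep):
        if part in ("", os.curdir):
            continue
        cur = os.path.join(cur, part)
        if os.path.islink(cur):
            return True
    return False


def build_demo():
    # Constructed layout (not from the page):
    #   base/outside/ftp            real directory the attacker wants to reach
    #   base/users/alice -> outside attacker-controlled intermediate component
    #   base/users/bob/ftp          clean home directory
    base = tempfile.mkdtemp(prefix="chroot-demo-")
    target = os.path.join(base, "outside")
    os.makedirs(os.path.join(target, "ftp"))
    users = os.path.join(base, "users")
    os.makedirs(users)
    os.symlink(target, os.path.join(users, "alice"))
    os.makedirs(os.path.join(users, "bob", "ftp"))
    evil_home = os.path.join(users, "alice", "ftp")
    clean_home = os.path.join(users, "bob", "ftp")
    return base, evil_home, clean_home


def check_homes():
    # Run both checks over the demo layout and clean up afterwards.
    base, evil_home, clean_home = build_demo()
    try:
        return {
            "evil_last_only": symlink_in_last_component(evil_home),
            "evil_full_walk": symlink_in_any_component(evil_home, base),
            "clean_full_walk": symlink_in_any_component(clean_home, base),
        }
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    for name, hit in check_homes().items():
        print(f"{name}: symlink detected = {hit}")
```

The last-component check reports no symlink for users/alice/ftp because ftp is a real directory inside the symlink target; only the component walk flags alice. A full component walk is the check to use for any chroot or jail root, and it must run on the path as configured, not on a realpath()-normalised copy, since normalisation is exactly what hides the link.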
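CVE-2019-18217 above describes a child process that loops forever on an overly long command. The page gives no more detail of the ProFTPD code path, so the following is an added example, not ProFTPD's fix, of the general failure pattern and its remedy: a reader that refuses an overlong line without consuming it, retried by its caller, never advances; a reader that drains to the end of the line, reports the error once and moves on does. The command-length limit, the helper names and the sample command stream are assumptions constructed for the illustration.

```python
import io

MAX_CMD_LEN = 512  # assumed limit for the demo; pick one that fits the protocol


def naive_read(stream, max_len=MAX_CMD_LEN):
    # Flawed pattern: look at a bounded chunk, and if no line terminator is
    # found, give up WITHOUT consuming anything. A caller that treats None as
    # "no command yet, try again" will spin on the same bytes forever.
    pos = stream.tell()
    chunk = stream.read(max_len)
    nl = chunk.find(b"\n")
    if nl < 0:
        stream.seek(pos)  # offending bytes are left in place
        return None
    stream.seek(pos + nl + 1)
    return chunk[:nl].rstrip(b"\r")


def naive_loop(data, max_iterations=1000):
    # Drive naive_read the way a retry-until-command loop would. Returns
    # (commands handled, stuck) where stuck means the iteration cap was hit
    # without reaching end of input, i.e. the loop would have run forever.
    stream = io.BytesIO(data)
    commands = 0
    for _ in range(max_iterations):
        if stream.tell() >= len(data):
            return commands, False
        if naive_read(stream) is not None:
            commands += 1
    return commands, True


def hardened_read(stream, max_len=MAX_CMD_LEN):
    # Read one LF-terminated command of at most max_len bytes.
    # Returns ("cmd", payload), ("too_long", None) after discarding the rest
    # of the offending line, or ("eof", None).
    line = stream.readline(max_len + 1)
    if not line:
        return ("eof", None)
    if not line.endswith(b"\n"):
        if len(line) <= max_len:
            return ("eof", None)  # incomplete final command at end of input
        # Over the limit: drain to end of line so the next read starts on a
        # fresh command, then report the error exactly once.
        while True:
            rest = stream.readline(4096)
            if not rest or rest.endswith(b"\n"):
                break
        return ("too_long", None)
    return ("cmd", line.rstrip(b"\r\n"))


def run_session(data, max_len=MAX_CMD_LEN):
    # Process a whole input buffer with hardened_read; the returned event list
    # always terminates with ("eof", None).
    stream = io.BytesIO(data)
    events = []
    while True:
        ev = hardened_read(stream, max_len)
        events.append(ev)
        if ev[0] == "eof":
            return events


# Constructed sample: a valid command, a 2000-byte line, then a valid command.
SAMPLE = b"USER alice\r\n" + b"A" * 2000 + b"\r\n" + b"QUIT\r\n"

if __name__ == "__main__":
    print("naive:", naive_loop(SAMPLE))
    print("hardened:", run_session(SAMPLE))
```

The naive loop handles one command and then never progresses past the long line; the hardened reader reports it once and still sees QUIT. The property to check in any command parser is the same: every code path that rejects input must also consume it, or return a state the caller cannot retry unchanged.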

CWE : Common Weakness Enumeration

% (count) Id Name
50% (1) CWE-476 NULL Pointer Dereference
50% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')

Nessus® Vulnerability Scanner

Date Name / File / Type
2017-07-28 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_770d7e9172af11e7998a08606e47f965.nasl - Type: ACT_GATHER_INFO
2017-07-17 Name: The remote Fedora host is missing a security update.
File: fedora_2017-5a01498b4b.nasl - Type: ACT_GATHER_INFO
2017-04-24 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2017-112-03.nasl - Type: ACT_GATHER_INFO
2017-04-20 Name: The remote Fedora host is missing a security update.
File: fedora_2017-c6f424c3ff.nasl - Type: ACT_GATHER_INFO
2017-04-19 Name: The remote Fedora host is missing a security update.
File: fedora_2017-e15e37b689.nasl - Type: ACT_GATHER_INFO
2017-04-18 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-481.nasl - Type: ACT_GATHER_INFO