Wind River Support Network

HomeDefectsLIN8-6350
Fixed

LIN8-6350 : Security Advisory - proftpd - CVE-2017-7418

Created: Apr 12, 2017    Updated: Dec 3, 2018
Resolved Date: May 11, 2017
Found In Version: 8.0.0.16
Fix Version: 8.0.0.18
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Userspace

Description

ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7418

Other Downloads


CVEs


Live chat
Online