Home CVE Database CVE-2017-7418

CVE-2017-7418

Description

ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user.

Priority: LOW
CVSS v3: 5.5
Publish Date: Apr 4, 2017
Related ID: --
CVSS v2: Medium
Modified Date: Apr 6, 2017

Find out more about CVE-2017-7418 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Product Name Status Defect Fixed Downloads
Linux
Wind River Linux LTS 17 Not Vulnerable -- -- --
Wind River Linux 9 Fixed LIN9-3879
9.0.0.6 Wind River Linux 9.0.0.6
Wind River Linux 8 Fixed LIN8-6350
8.0.0.18 Wind River Linux 8.0.0.18
Wind River Linux 8.0.0.19
Wind River Linux 8.0.0.20
Wind River Linux 8.0.0.21
Wind River Linux 8.0.0.22
Wind River Linux 8.0.0.23
Wind River Linux 8.0.0.24
Wind River Linux 8.0.0.25
Wind River Linux 8.0.0.26
Wind River Linux 8.0.0.27
Wind River Linux 8.0.0.28
Wind River Linux 8.0.0.29
Wind River Linux 8.0.0.30
Wind River Linux 8.0.0.31
Wind River Linux 8.0.0.32
Wind River Linux 8.0.0.33
Wind River Linux LTS 18 Not Vulnerable -- -- --
Wind River Linux LTS 19 Not Vulnerable -- -- --
Wind River Linux CD release Not Vulnerable -- -- --
VxWorks
VxWorks 7 Not Vulnerable -- -- --
VxWorks 6.9 Not Vulnerable -- -- --

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- --
Linux 7 CGP Not Vulnerable -- -- --

Comments

proftpd

Live chat
Online