Test Kennung:	1.3.6.1.4.1.25623.1.0.810731
Kategorie:	FTP
Titel:	ProFTPD 'AllowChrootSymlinks' Local Security Bypass Vulnerability
Zusammenfassung:	ProFTPD server is prone to local security bypass vulnerability.
Beschreibung:	Summary: ProFTPD server is prone to local security bypass vulnerability. Vulnerability Insight: The ProFTPD controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Vulnerability Impact: Successful exploitation will allow attackers to bypass certain security restrictions and perform unauthorized actions. Affected Software/OS: ProFTPD versions prior to 1.3.5e and 1.3.6 prior to 1.3.6rc5 are vulnerable. Solution: Upgrade ProFTPD 1.3.5e, 1.3.6rc5 or later. CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2017-7418 BugTraq ID: 97409 http://www.securityfocus.com/bid/97409 SuSE Security Announcement: openSUSE-SU-2019:1836 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00004.html SuSE Security Announcement: openSUSE-SU-2019:1870 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00022.html SuSE Security Announcement: openSUSE-SU-2020:0031 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html
Copyright	Copyright (C) 2017 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.