ID de Prueba:	1.3.6.1.4.1.25623.1.0.810731
Categoría:	FTP
Título:	ProFTPD 'AllowChrootSymlinks' Local Security Bypass Vulnerability
Resumen:	ProFTPD server is prone to local security bypass vulnerability.
Descripción:	Summary: ProFTPD server is prone to local security bypass vulnerability. Vulnerability Insight: The ProFTPD controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Vulnerability Impact: Successful exploitation will allow attackers to bypass certain security restrictions and perform unauthorized actions. Affected Software/OS: ProFTPD versions prior to 1.3.5e and 1.3.6 prior to 1.3.6rc5 are vulnerable. Solution: Upgrade ProFTPD 1.3.5e, 1.3.6rc5 or later. CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-7418 BugTraq ID: 97409 http://www.securityfocus.com/bid/97409 SuSE Security Announcement: openSUSE-SU-2019:1836 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00004.html SuSE Security Announcement: openSUSE-SU-2019:1870 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00022.html SuSE Security Announcement: openSUSE-SU-2020:0031 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html
Copyright	Copyright (C) 2017 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.