Test ID:	1.3.6.1.4.1.25623.1.0.810731
Category:	FTP
Title:	ProFTPD 'AllowChrootSymlinks' Local Security Bypass Vulnerability
Summary:	ProFTPD server is prone to local security bypass vulnerability.
Description:	Summary: ProFTPD server is prone to local security bypass vulnerability. Vulnerability Insight: The ProFTPD controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Vulnerability Impact: Successful exploitation will allow attackers to bypass certain security restrictions and perform unauthorized actions. Affected Software/OS: ProFTPD versions prior to 1.3.5e and 1.3.6 prior to 1.3.6rc5 are vulnerable. Solution: Upgrade ProFTPD 1.3.5e, 1.3.6rc5 or later. CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-7418 BugTraq ID: 97409 http://www.securityfocus.com/bid/97409 SuSE Security Announcement: openSUSE-SU-2019:1836 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00004.html SuSE Security Announcement: openSUSE-SU-2019:1870 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00022.html SuSE Security Announcement: openSUSE-SU-2020:0031 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.