Search for packages
| purl | pkg:deb/ubuntu/proftpd-dfsg@1.3.4~rc2-4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-5ec9-der5-aaab
Aliases: CVE-2016-3125 |
The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors. |
Affected by 5 other vulnerabilities. |
|
VCID-bgwf-hej6-aaac
Aliases: CVE-2019-12815 |
An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306. |
Affected by 1 other vulnerability. |
|
VCID-ces2-asry-aaaj
Aliases: CVE-2019-19271 |
An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries (installed by a system administrator), can cause some CRL entries to be ignored, and can allow clients whose certificates have been revoked to proceed with a connection to the server. |
Affected by 1 other vulnerability. |
|
VCID-gm72-zyaz-aaac
Aliases: CVE-2017-7418 |
ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user. |
Affected by 4 other vulnerabilities. |
|
VCID-hhjt-wqw4-aaak
Aliases: CVE-2020-9273 |
In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution. |
Affected by 0 other vulnerabilities. |
|
VCID-j4rj-fwju-aaaf
Aliases: CVE-2019-19272 |
An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Direct dereference of a NULL pointer (a variable initialized to NULL) leads to a crash when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup. |
Affected by 1 other vulnerability. |
|
VCID-n68h-btwc-aaah
Aliases: CVE-2012-6095 |
ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands. |
Affected by 8 other vulnerabilities. |
|
VCID-s1gd-gp1p-aaar
Aliases: CVE-2015-3306 |
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands. |
Affected by 7 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-xxs7-fu94-aaan
Aliases: CVE-2013-4359 |
Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 allows remote attackers to cause a denial of service (memory consumption) via a large response count value in an authentication request, which triggers a large memory allocation. |
Affected by 7 other vulnerabilities. Affected by 7 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|