Page 3 of 44 results (0.009 seconds)

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user. ProFTPD en versiones anteriores a 1.3.5e y 1.3.6 en versiones anteriores a 1.3.6rc5 controlan si el directorio de inicio de un usuario puede contener un enlace simbólico hasta la versión de la opción de configuración AllowChrootSymlinks, pero comprueba sólo el último componente de ruta al aplicar AllowChrootSymlinks. Los atacantes con acceso local pueden omitir el control AllowChrootSymlinks reemplazando un componente de ruta (que no sea el último) con un enlace simbólico. • http://bugs.proftpd.org/show_bug.cgi?id=4295 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html http://www.securityfocus.com/bid/97409 https://github.com/proftpd/proftpd/commit/ecff21e0d0e84f35c299ef91d7fda088e516d4ed https://github.com/proftpd/proftpd/commit/f59593e6ff730b832dbe8754916cb5c821db579f https://github.com/proftpd/proftpd/pull/444/ • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors. El módulo mod_tls en ProFTPD en versiones anteriores a 1.3.5b y 1.3.6 en versiones anteriores a 1.3.6rc2 no maneja correctamente la directiva TLSDHParamFile, lo cual puede causar que se utilice una clave Diffie-Hellman (DH) más débil de lo deseado y como consecuencia permitir a atacantes tener un impacto no especificado a través de vectores desconocidos. • http://bugs.proftpd.org/show_bug.cgi?id=4230 http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179109.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179143.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179905.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00080.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00045.html http://proftpd.org/docs/NEWS-1.3.5b http://proftpd.org/docs/NEWS-1.3.6r • CWE-254: 7PK - Security Features CWE-310: Cryptographic Issues •

CVSS: 10.0EPSS: 97%CPEs: 1EXPL: 8

The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands. El módulo mod_copy en ProFTPD 1.3.5 permite a atacantes remotos leer y escribir en ficheros arbitrarios a través de los comandos site cpfr y site cpto. • https://www.exploit-db.com/exploits/37262 https://www.exploit-db.com/exploits/36803 https://www.exploit-db.com/exploits/49908 https://www.exploit-db.com/exploits/36742 https://github.com/t0kx/exploit-CVE-2015-3306 https://github.com/davidtavarez/CVE-2015-3306 https://github.com/cd6629/CVE-2015-3306-Python-PoC https://github.com/cdedmondson/Modified-CVE-2015-3306-Exploit http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157053.html http://lists.fedoraproject.o • CWE-284: Improper Access Control •

CVSS: 5.0EPSS: 2%CPEs: 2EXPL: 2

Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 allows remote attackers to cause a denial of service (memory consumption) via a large response count value in an authentication request, which triggers a large memory allocation. Desbordamiento de entero en kbdint.c en mod_sftp en ProFTPD 1.3.4d y 1.3.5r3 permite a atacantes remotos causar denegación de servicio (consumo de memoria) a través de un valor grande del contador de respuestas en una petición de autenticación, lo cual dispara una gran reserva de memoria. • http://bugs.proftpd.org/show_bug.cgi?id=3973 http://kingcope.wordpress.com/2013/09/11/proftpd-mod_sftpmod_sftp_pam-invalid-pool-allocation-in-kbdint-authentication http://lists.opensuse.org/opensuse-updates/2013-10/msg00032.html http://lists.opensuse.org/opensuse-updates/2015-06/msg00020.html http://www.debian.org/security/2013/dsa-2767 http://www.openwall.com/lists/oss-security/2013/09/17/6 • CWE-189: Numeric Errors •

CVSS: 1.2EPSS: 0%CPEs: 68EXPL: 0

ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands. ProFTPD anterior a v1.3.5rc1, cuando se usa con la directiva UserOwner, permite a usuarios locales modificar la propiedad de archivos arbitrarios a través de una condición de carrera y un ataque de enlace simbólico sobre los comandos (1) MKD o (2) XMKD. • http://bugs.proftpd.org/show_bug.cgi?id=3841 http://proftpd.org/docs/NEWS-1.3.5rc1 http://secunia.com/advisories/51823 http://www.debian.org/security/2013/dsa-2606 http://www.openwall.com/lists/oss-security/2013/01/07/3 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •