
CVE-2023-51713 – Ubuntu Security Notice USN-7297-1
https://notcve.org/view.php?id=CVE-2023-51713
22 Dec 2023 — make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics. make_ftp_cmd en main.c en ProFTPD anterior a 1.3.8a tiene una lectura fuera de los límites de un byte y el daemon falla debido a un mal manejo de las semánticas de quote/backslash. Fabian Bäumer, Marcus Brinkmann, and Joerg Schwenk discovered that the transport protocol implementation in ProFTPD had weak integrity checks. An attacker could use this vulnera... • https://github.com/proftpd/proftpd/blob/1.3.8/NEWS • CWE-125: Out-of-bounds Read •

CVE-2023-48795 – ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://notcve.org/view.php?id=CVE-2023-48795
18 Dec 2023 — The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phas... • https://packetstorm.news/files/id/176280 • CWE-222: Truncation of Security-relevant Information CWE-354: Improper Validation of Integrity Check Value •

CVE-2021-46854 – Gentoo Linux Security Advisory 202305-03
https://notcve.org/view.php?id=CVE-2021-46854
23 Nov 2022 — mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters. mod_radius en ProFTPD anterior a 1.3.7c permite la divulgación de memoria a servidores RADIUS porque copia bloques de 16 caracteres. A vulnerability has been discovered in ProFTPd which could result in memory disclosure. Versions less than 1.3.7c are affected. • http://www.proftpd.org/docs/RELEASE_NOTES-1.3.7e • CWE-401: Missing Release of Memory after Effective Lifetime •

CVE-2020-9272 – Gentoo Linux Security Advisory 202003-35
https://notcve.org/view.php?id=CVE-2020-9272
20 Feb 2020 — ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function. ProFTPD versión 1.3.7, presenta una vulnerabilidad de lectura fuera de límites (OOB) en mod_cap por medio de la función cap_to_text del archivo cap_text.c. Multiple vulnerabilities have been found in ProFTPd, the worst of which may lead to arbitrary code execution. Versions less than 1.3.6c are affected. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00002.html • CWE-125: Out-of-bounds Read •

CVE-2019-19269 – Gentoo Linux Security Advisory 202003-35
https://notcve.org/view.php?id=CVE-2019-19269
26 Nov 2019 — An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup. Se detectó un problema en tls_verify_crl en ProFTPD versiones hasta 1.3.6b. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html • CWE-476: NULL Pointer Dereference •

CVE-2019-19270
https://notcve.org/view.php?id=CVE-2019-19270
26 Nov 2019 — An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow clients whose certificates have been revoked to proceed with a connection to the server. Se detectó un problema en la función tls_verify_crl en ProFTPD versiones hasta 1.3.6b. Un fallo en la comprobación del campo apropiado de una entra... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html • CWE-295: Improper Certificate Validation •

CVE-2019-18217 – Gentoo Linux Security Advisory 202003-35
https://notcve.org/view.php?id=CVE-2019-18217
21 Oct 2019 — ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop. ProFTPD versiones anteriores a 1.3.6b y versiones 1.3.7rc anteriores a 1.3.7rc2, permite una denegación de servicio remota no autenticada debido al manejo incorrecto de comandos demasiado largos porque el archivo main.c en un proceso secundario entra en un bucle infinito. Multiple vulnerabilities have be... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVE-2017-7418 – Slackware Security Advisory - proftpd Updates
https://notcve.org/view.php?id=CVE-2017-7418
04 Apr 2017 — ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but ... • http://bugs.proftpd.org/show_bug.cgi?id=4295 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2016-3125
https://notcve.org/view.php?id=CVE-2016-3125
05 Apr 2016 — The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors. El módulo mod_tls en ProFTPD en versiones anteriores a 1.3.5b y 1.3.6 en versiones anteriores a 1.3.6rc2 no maneja correctamente la directiva TLSDHParamFile, lo cual puede causar que se utilice una clave Diffie-Hellman (DH) más dé... • http://bugs.proftpd.org/show_bug.cgi?id=4230 • CWE-254: 7PK - Security Features CWE-310: Cryptographic Issues •