CVE-2017-12170

Name of the Vulnerable Software and Affected Versions pure-ftpd version 1.0.46-1

Description The issue is related to a packaging error in pure-ftpd, which causes the original configuration to be ignored after an update, resulting in the service running with the default configuration. This has security implications due to the overriding of security-related configuration. The vulnerability may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For pure-ftpd version 1.0.46-1, ensure that the configuration is manually updated to reflect the original security settings after an update, to prevent the service from running with the default configuration. As a temporary workaround, consider manually overriding the default configuration with the original security-related settings until a proper fix is applied.