PT-2017-17724 · Proftpd+2
Published 2017-04-04 · Updated 2024-10-14
CVE-2017-7418
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
ProFTPD versions prior to 1.3.5e
ProFTPD versions 1.3.6 prior to 1.3.6rc5
Description
The AllowChrootSymlinks control is meant to refuse a chroot into a home directory that is a symbolic link, but the check only examines the last component of the path. A local attacker can therefore bypass it by replacing an earlier path component (any component other than the last one) with a symbolic link. The precondition is an attacker who is not granted full filesystem access but can reconfigure the home directory of an FTP user.
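The following is an added illustration of the check semantics described above, not ProFTPD's own code: a check that inspects only the final path component misses a symbolic link placed earlier in the path, while walking every component with lstat catches it. The directory layout and the function names are constructed for this example.

```python
import os
import tempfile
from typing import Optional, Tuple


def last_component_is_symlink(path: str) -> bool:
    """Weak check (illustrative): looks only at the final component.

    A symlink in any earlier component is not noticed at all.
    """
    return os.path.islink(path)


def first_symlink_component(path: str) -> Optional[str]:
    """Hardened check: walk every component of the absolute path.

    Returns the first prefix that is a symbolic link, or None when no
    component of the path is a symlink. abspath() is used rather than
    realpath() on purpose: we want to inspect the path as configured,
    not a version that has already been resolved.
    """
    current = os.sep
    for part in os.path.abspath(path).split(os.sep):
        if not part:
            continue
        current = os.path.join(current, part)
        if os.path.islink(current):  # lstat-based, does not follow the link
            return current
    return None


def build_demo() -> Tuple[str, str, str]:
    """Construct a sample layout: <root>/link -> <root>/real (a middle component).

    Returns (root, clean_home, home_via_symlink). realpath() on the temp root
    keeps platform symlinks such as /var -> /private/var out of the picture.
    """
    root = os.path.realpath(tempfile.mkdtemp(prefix="chroot-demo-"))
    clean_home = os.path.join(root, "real", "home", "alice")
    os.makedirs(clean_home)
    os.symlink(os.path.join(root, "real"), os.path.join(root, "link"))
    return root, clean_home, os.path.join(root, "link", "home", "alice")


if __name__ == "__main__":
    root, clean_home, sneaky_home = build_demo()
    print("last-component check flags it:", last_component_is_symlink(sneaky_home))
    print("per-component check flags   :", first_symlink_component(sneaky_home))
```

The per-component walk reports the offending prefix, which is the value worth logging when a home directory fails the check.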
Recommendations
For ProFTPD versions prior to 1.3.5e, update to version 1.3.5e or later.
For ProFTPD versions 1.3.6 prior to 1.3.6rc5, update to version 1.3.6rc5 or later.
Weakness Enumeration
Link Following
Affected Products
Alt Linux, Proftpd, Suse