CVE-2020-20277

Name of the Vulnerable Software and Affected Versions uftpd FTP server versions 2.7 to 2.10

Description The issue arises from improper implementation of a chroot jail in the compose abspath function in common.c, leading to multiple unauthenticated directory traversal vulnerabilities in different FTP commands. This can be exploited to read or write to arbitrary files on the filesystem, leak process memory, or potentially lead to remote code execution.

Recommendations For uftpd FTP server versions 2.7 to 2.10, consider disabling the affected FTP commands until a patch is available. Restrict access to the compose abspath function in common.c to minimize the risk of exploitation. Avoid using the vulnerable FTP server versions until an update or fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.