{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-04-04T00:00:00", "descriptions": [{"lang": "en", "value": "ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-13T21:06:07", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/proftpd/proftpd/commit/ecff21e0d0e84f35c299ef91d7fda088e516d4ed"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/proftpd/proftpd/commit/f59593e6ff730b832dbe8754916cb5c821db579f"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.proftpd.org/show_bug.cgi?id=4295"}, {"name": "97409", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97409"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/proftpd/proftpd/pull/444/commits/349addc3be4fcdad9bd4ec01ad1ccd916c898ed8"}, {"name": "openSUSE-SU-2019:1836", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00004.html"}, {"name": "openSUSE-SU-2019:1870", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00022.html"}, {"name": "openSUSE-SU-2020:0031", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-7418", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/proftpd/proftpd/commit/ecff21e0d0e84f35c299ef91d7fda088e516d4ed", "refsource": "CONFIRM", "url": "https://github.com/proftpd/proftpd/commit/ecff21e0d0e84f35c299ef91d7fda088e516d4ed"}, {"name": "https://github.com/proftpd/proftpd/commit/f59593e6ff730b832dbe8754916cb5c821db579f", "refsource": "CONFIRM", "url": "https://github.com/proftpd/proftpd/commit/f59593e6ff730b832dbe8754916cb5c821db579f"}, {"name": "http://bugs.proftpd.org/show_bug.cgi?id=4295", "refsource": "CONFIRM", "url": "http://bugs.proftpd.org/show_bug.cgi?id=4295"}, {"name": "97409", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97409"}, {"name": "https://github.com/proftpd/proftpd/pull/444/commits/349addc3be4fcdad9bd4ec01ad1ccd916c898ed8", "refsource": "CONFIRM", "url": "https://github.com/proftpd/proftpd/pull/444/commits/349addc3be4fcdad9bd4ec01ad1ccd916c898ed8"}, {"name": "openSUSE-SU-2019:1836", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00004.html"}, {"name": "openSUSE-SU-2019:1870", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00022.html"}, {"name": "openSUSE-SU-2020:0031", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-7418", "datePublished": "2017-04-04T17:00:00", "dateReserved": "2017-04-04T00:00:00", "dateUpdated": "2020-01-13T21:06:07", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:proftpd:proftpd:*:d:*:*:*:*:*:*", "matchCriteriaId": "17E56F7D-3F37-44E2-9ADB-24F06125A5A4", "versionEndIncluding": "1.3.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:proftpd:proftpd:1.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "40A2C657-27EB-475E-9591-99E03DBDA12B", "vulnerable": true}, {"criteria": "cpe:2.3:a:proftpd:proftpd:1.3.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "B6475817-8CC7-4C0C-A9A6-E58189852DA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:proftpd:proftpd:1.3.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "84CB8C28-C432-4FD4-9B76-CA6C2C8824D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:proftpd:proftpd:1.3.6:rc3:*:*:*:*:*:*", "matchCriteriaId": "21D053B1-AFDE-4859-ACFB-C51DC28EAA04", "vulnerable": true}, {"criteria": "cpe:2.3:a:proftpd:proftpd:1.3.6:rc4:*:*:*:*:*:*", "matchCriteriaId": "AA9A0785-FF92-4AB0-8F42-9060FB24120E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user."}, {"lang": "es", "value": "ProFTPD en versiones anteriores a 1.3.5e y 1.3.6 en versiones anteriores a 1.3.6rc5 controlan si el directorio de inicio de un usuario puede contener un enlace simb\u00f3lico hasta la versi\u00f3n de la opci\u00f3n de configuraci\u00f3n AllowChrootSymlinks, pero comprueba s\u00f3lo el \u00faltimo componente de ruta al aplicar AllowChrootSymlinks. Los atacantes con acceso local pueden omitir el control AllowChrootSymlinks reemplazando un componente de ruta (que no sea el \u00faltimo) con un enlace simb\u00f3lico. El modelo de amenaza incluye un atacante al que no se concede acceso completo al sistema de archivos por parte de un proveedor de alojamiento, pero puede reconfigurar el directorio de inicio de un usuario FTP."}], "id": "CVE-2017-7418", "lastModified": "2019-08-08T15:15:11.483", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-04T17:59:00.337", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "http://bugs.proftpd.org/show_bug.cgi?id=4295"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00004.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00022.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97409"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/proftpd/proftpd/commit/ecff21e0d0e84f35c299ef91d7fda088e516d4ed"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/proftpd/proftpd/commit/f59593e6ff730b832dbe8754916cb5c821db579f"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/proftpd/proftpd/pull/444/commits/349addc3be4fcdad9bd4ec01ad1ccd916c898ed8"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}