CVE-2017-7418
Vulnerability from cvelistv5
Published: 2017-04-04 17:00
Modified: 2024-08-05 16:04
Severity: ?
Summary
ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user.
References
cve@mitre.org http://bugs.proftpd.org/show_bug.cgi?id=4295 Issue Tracking, Patch
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00004.html
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00022.html
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html
cve@mitre.org http://www.securityfocus.com/bid/97409 Third Party Advisory, VDB Entry
cve@mitre.org https://github.com/proftpd/proftpd/commit/ecff21e0d0e84f35c299ef91d7fda088e516d4ed Issue Tracking, Patch, Third Party Advisory
cve@mitre.org https://github.com/proftpd/proftpd/commit/f59593e6ff730b832dbe8754916cb5c821db579f Issue Tracking, Patch, Third Party Advisory
cve@mitre.org https://github.com/proftpd/proftpd/pull/444/commits/349addc3be4fcdad9bd4ec01ad1ccd916c898ed8 Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://bugs.proftpd.org/show_bug.cgi?id=4295 Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00004.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00022.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/97409 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 https://github.com/proftpd/proftpd/commit/ecff21e0d0e84f35c299ef91d7fda088e516d4ed Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/proftpd/proftpd/commit/f59593e6ff730b832dbe8754916cb5c821db579f Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/proftpd/proftpd/pull/444/commits/349addc3be4fcdad9bd4ec01ad1ccd916c898ed8 Issue Tracking, Patch, Third Party Advisory
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:04:11.362Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/proftpd/proftpd/commit/ecff21e0d0e84f35c299ef91d7fda088e516d4ed"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/proftpd/proftpd/commit/f59593e6ff730b832dbe8754916cb5c821db579f"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.proftpd.org/show_bug.cgi?id=4295"
          },
          {
            "name": "97409",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97409"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/proftpd/proftpd/pull/444/commits/349addc3be4fcdad9bd4ec01ad1ccd916c898ed8"
          },
          {
            "name": "openSUSE-SU-2019:1836",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00004.html"
          },
          {
            "name": "openSUSE-SU-2019:1870",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00022.html"
          },
          {
            "name": "openSUSE-SU-2020:0031",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-04-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-13T21:06:07",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/proftpd/proftpd/commit/ecff21e0d0e84f35c299ef91d7fda088e516d4ed"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/proftpd/proftpd/commit/f59593e6ff730b832dbe8754916cb5c821db579f"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.proftpd.org/show_bug.cgi?id=4295"
        },
        {
          "name": "97409",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97409"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/proftpd/proftpd/pull/444/commits/349addc3be4fcdad9bd4ec01ad1ccd916c898ed8"
        },
        {
          "name": "openSUSE-SU-2019:1836",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00004.html"
        },
        {
          "name": "openSUSE-SU-2019:1870",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00022.html"
        },
        {
          "name": "openSUSE-SU-2020:0031",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-7418",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/proftpd/proftpd/commit/ecff21e0d0e84f35c299ef91d7fda088e516d4ed",
              "refsource": "CONFIRM",
              "url": "https://github.com/proftpd/proftpd/commit/ecff21e0d0e84f35c299ef91d7fda088e516d4ed"
            },
            {
              "name": "https://github.com/proftpd/proftpd/commit/f59593e6ff730b832dbe8754916cb5c821db579f",
              "refsource": "CONFIRM",
              "url": "https://github.com/proftpd/proftpd/commit/f59593e6ff730b832dbe8754916cb5c821db579f"
            },
            {
              "name": "http://bugs.proftpd.org/show_bug.cgi?id=4295",
              "refsource": "CONFIRM",
              "url": "http://bugs.proftpd.org/show_bug.cgi?id=4295"
            },
            {
              "name": "97409",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97409"
            },
            {
              "name": "https://github.com/proftpd/proftpd/pull/444/commits/349addc3be4fcdad9bd4ec01ad1ccd916c898ed8",
              "refsource": "CONFIRM",
              "url": "https://github.com/proftpd/proftpd/pull/444/commits/349addc3be4fcdad9bd4ec01ad1ccd916c898ed8"
            },
            {
              "name": "openSUSE-SU-2019:1836",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00004.html"
            },
            {
              "name": "openSUSE-SU-2019:1870",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00022.html"
            },
            {
              "name": "openSUSE-SU-2020:0031",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-7418",
    "datePublished": "2017-04-04T17:00:00",
    "dateReserved": "2017-04-04T00:00:00",
    "dateUpdated": "2024-08-05T16:04:11.362Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

