SB2017092132 - Input validation error in PureFTPd Pure-FTPd




Published: September 21, 2017 Updated: August 8, 2020

Security Bulletin ID: SB2017092132
Severity: High
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Input validation error (CVE-ID: CVE-2017-12170)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Downstream version 1.0.46-1 of pure-ftpd, as shipped in Fedora, contained a packaging error that caused the original configuration to be ignored after an update, so the service started running with the default configuration. This has security implications because security-related configuration settings are overridden. This issue does not affect the upstream version of pure-ftpd.


Remediation

Install the update from the vendor's website.