#VU310 Security restrictions bypass in vsftpd - CVE-2015-1419
Published: August 15, 2016 / Updated: November 20, 2018
Vulnerability identifier: #VU310
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2015-1419
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
vsftpd
vsftpd
Software vendor:
vsftpd
vsftpd
Description
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to unknown error related to parsing of "deny_file" option. A remote authenticated attacker can bypass certain security restrictions and gain unauthorized access to protected files on the system.
Successful exploitation of the vulnerability may allow an authenticated attacker to bypass intended security restrictions.
Remediation
Install
the latest version 3.0.3 from vendor’s website.