Main Vulnerability Database Vulnerabilities #VU310

Security restrictions bypass in vsftpd - CVE-2015-1419

Published: August 15, 2016 / Updated: November 20, 2018

Vulnerability identifier: #VU310

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2015-1419

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: vsftpd

Affected software:
vsftpd

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to unknown error related to parsing of "deny_file" option. A remote authenticated attacker can bypass certain security restrictions and gain unauthorized access to protected files on the system.

Successful exploitation of the vulnerability may allow an authenticated attacker to bypass intended security restrictions.

How to mitigate CVE-2015-1419

Install the latest version 3.0.3 from vendor’s website.

Security restrictions bypass in vsftpd - CVE-2015-1419

Detailed vulnerability description

How to mitigate CVE-2015-1419

Sources

Please verify you're human