#VU35035 Improper Certificate Validation in ProFTPD and Fedora


Published: 2019-11-26 | Updated: 2020-09-07

Vulnerability identifier: #VU35035

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-19270

CWE-ID: CWE-295

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
ProFTPD (Server applications / File servers (FTP/HTTP))
Fedora (Operating systems & Components / Operating system)

Vendor: ProFTPD, Fedoraproject

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow clients whose certificates have been revoked to proceed with a connection to the server.
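The following is an added illustration, not ProFTPD's code, modelling the lookup mistake described above. It assumes a CRL store that, like an OpenSSL X509_STORE queried for a CRL, is indexed by the name of the CA that issued the CRL, and a certificate carrying a subject, an issuer and a serial number (the names, serials and the `CRLStore` class are constructed for the example). The vulnerable routine asks the store for a CRL under the client certificate's subject twice; because no CA publishes a CRL under an end-entity's own name, the second lookup finds nothing and the revocation check is skipped, so a revoked client certificate is accepted. The corrected routine performs the second lookup under the issuer and rejects the revoked serial.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Cert:
    """Minimal stand-in for an X509 certificate (constructed for this example)."""
    subject: str
    issuer: str
    serial: int


@dataclass(frozen=True)
class CRL:
    """A CRL is identified by the CA that signed it and lists revoked serials."""
    issuer: str
    revoked_serials: frozenset = field(default_factory=frozenset)


class CRLStore:
    """Constructed model of a certificate store holding CRLs.
    A CRL is indexed by its issuer name, which is the name a
    by-subject lookup for a CRL matches against."""

    def __init__(self, crls):
        self._by_name = {crl.issuer: crl for crl in crls}

    def get_by_subject(self, name):
        return self._by_name.get(name)


def _serial_not_revoked(crl, cert):
    # No CRL for this issuer is treated as "nothing revoked" (the historical
    # behaviour when CRL checking is best-effort); a stricter deployment
    # could fail closed here instead.
    if crl is None:
        return True
    return cert.serial not in crl.revoked_serials


def verify_crl_vulnerable(store, cert):
    """Models the flawed logic: both lookups use cert.subject."""
    # Lookup 1: a CRL published by this certificate's own name (only
    # meaningful when the certificate is itself a CA).
    crl_signed_by_cert = store.get_by_subject(cert.subject)
    # Lookup 2 (wrong field): meant to fetch the CRL published by the
    # issuer of this certificate, but queries the subject again. For a
    # leaf certificate that returns None, so revocation is never checked.
    crl_for_cert = store.get_by_subject(cert.subject)
    return _serial_not_revoked(crl_for_cert, cert)


def verify_crl_fixed(store, cert):
    """Same flow with the second lookup keyed by the issuer, as intended."""
    crl_signed_by_cert = store.get_by_subject(cert.subject)
    crl_for_cert = store.get_by_subject(cert.issuer)  # correct field
    return _serial_not_revoked(crl_for_cert, cert)


# Constructed sample data: one CA, one revoked client cert, one valid one.
STORE = CRLStore([CRL(issuer="CN=Example CA", revoked_serials=frozenset({1001}))])
REVOKED_CLIENT = Cert(subject="CN=alice", issuer="CN=Example CA", serial=1001)
VALID_CLIENT = Cert(subject="CN=bob", issuer="CN=Example CA", serial=1002)


def demo():
    """Returns (vulnerable accepts revoked?, fixed accepts revoked?, fixed accepts valid?)."""
    return (
        verify_crl_vulnerable(STORE, REVOKED_CLIENT),
        verify_crl_fixed(STORE, REVOKED_CLIENT),
        verify_crl_fixed(STORE, VALID_CLIENT),
    )


if __name__ == "__main__":
    print(demo())  # (True, False, True): the buggy check lets the revoked cert in
```

When auditing similar code, the thing to confirm is that the CRL consulted for a client's serial number was looked up by the client certificate's issuer, not its subject, and to decide explicitly whether a missing CRL should fail open or closed.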

Mitigation
Install update from vendor's website.

Vulnerable software versions

ProFTPD: 1.3.6

Fedora: 1.3.6 - 31


External links
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html
http://github.com/proftpd/proftpd/issues/859
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGBBCPLJSDPFG5EI5P5G7P4KEX7YSD5G/
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QR65XUHPCRU3NXTSFVF2J4GWRIHC7AHW/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
