FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-10-15 15:07:02 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
770d7e91-72af-11e7-998a-08606e47f965	proftpd -- user chroot escape vulnerability NVD reports: ProFTPD ... controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. Discovery 2017-03-06 Entry 2017-07-27 proftpd < 1.3.5e http://bugs.proftpd.org/show_bug.cgi?id=4295 CVE-2017-7418

VuXML ID

Description

770d7e91-72af-11e7-998a-08606e47f965

proftpd -- user chroot escape vulnerability

NVD reports:

ProFTPD ... controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link.

Discovery 2017-03-06
Entry 2017-07-27
proftpd

< 1.3.5e

http://bugs.proftpd.org/show_bug.cgi?id=4295
CVE-2017-7418