FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
770d7e91-72af-11e7-998a-08606e47f965proftpd -- user chroot escape vulnerability

NVD reports:

ProFTPD ... controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link.


Discovery 2017-03-06
Entry 2017-07-27
proftpd
< 1.3.5e

http://bugs.proftpd.org/show_bug.cgi?id=4295
CVE-2017-7418
a733b5ca-06eb-11e6-817f-3085a9a4510dproftpd -- vulnerability in mod_tls

MITRE reports:

The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors.


Discovery 2016-03-08
Entry 2016-04-20
proftpd
< 1.3.5b

= 1.3.6.r1

CVE-2016-3125