Upstream information

CVE-2017-7418 at MITRE

Description

ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 2.1
Vector AV:L/AC:L/Au:N/C:N/I:P/A:N
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None
CVSS v3 Scores
  National Vulnerability Database
Base Score 5.5
Vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Access Vector Local
Access Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Impact None
Integrity Impact High
Availability Impact None
No SUSE Bugzilla entries cross referenced.

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE Leap 42.1
  • proftpd >= 1.3.5d-7.1
  • proftpd-debuginfo >= 1.3.5d-7.1
  • proftpd-debugsource >= 1.3.5d-7.1
  • proftpd-devel >= 1.3.5d-7.1
  • proftpd-doc >= 1.3.5d-7.1
  • proftpd-lang >= 1.3.5d-7.1
  • proftpd-ldap >= 1.3.5d-7.1
  • proftpd-ldap-debuginfo >= 1.3.5d-7.1
  • proftpd-mysql >= 1.3.5d-7.1
  • proftpd-mysql-debuginfo >= 1.3.5d-7.1
  • proftpd-pgsql >= 1.3.5d-7.1
  • proftpd-pgsql-debuginfo >= 1.3.5d-7.1
  • proftpd-radius >= 1.3.5d-7.1
  • proftpd-radius-debuginfo >= 1.3.5d-7.1
  • proftpd-sqlite >= 1.3.5d-7.1
  • proftpd-sqlite-debuginfo >= 1.3.5d-7.1
Patchnames:
openSUSE-2017-481
openSUSE Leap 42.2
  • proftpd >= 1.3.5d-6.3.1
  • proftpd-debuginfo >= 1.3.5d-6.3.1
  • proftpd-debugsource >= 1.3.5d-6.3.1
  • proftpd-devel >= 1.3.5d-6.3.1
  • proftpd-doc >= 1.3.5d-6.3.1
  • proftpd-lang >= 1.3.5d-6.3.1
  • proftpd-ldap >= 1.3.5d-6.3.1
  • proftpd-ldap-debuginfo >= 1.3.5d-6.3.1
  • proftpd-mysql >= 1.3.5d-6.3.1
  • proftpd-mysql-debuginfo >= 1.3.5d-6.3.1
  • proftpd-pgsql >= 1.3.5d-6.3.1
  • proftpd-pgsql-debuginfo >= 1.3.5d-6.3.1
  • proftpd-radius >= 1.3.5d-6.3.1
  • proftpd-radius-debuginfo >= 1.3.5d-6.3.1
  • proftpd-sqlite >= 1.3.5d-6.3.1
  • proftpd-sqlite-debuginfo >= 1.3.5d-6.3.1
Patchnames:
openSUSE-2017-481