![]() ![]() Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop.Īn arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. A dereference of a NULL pointer may occur. ![]() Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow clients whose certificates have been revoked to proceed with a connection to the server.Īn issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A wrong iteration variable, used when checking a client certificate against CRL entries (installed by a system administrator), can cause some CRL entries to be ignored, and can allow clients whose certificates have been revoked to proceed with a connection to the server.Īn issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Direct dereference of a NULL pointer (a variable initialized to NULL) leads to a crash when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.Īn issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function.Īn issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution. In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. Mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters. ![]()
0 Comments
Leave a Reply. |