MGASA-2017-0115

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2017-7418

Published: 24 Apr 2017, 07:27

Last modified:16 Apr 2026, 06:25

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

24 Apr 2017, 07:27

Published

Vulnerability first disclosed

16 Apr 2026, 06:25

Last Modified

Vulnerability information updated

Description

Updated proftpd packages fix security vulnerability ProFTPD before 1.3.5e controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user (CVE-2017-7418).

Affected Systems

mageia•proftpd
< 1.3.5e-1.mga5

MGASA-2017-0115

Vulnerability Summary

Timeline

Description

Affected Systems

References (3)