MGASA-2019-0314
Advisory lineage Upstream: 2 Downstream: 0
Upstream
Published: 07 Nov 2019, 23:36
Last modified:16 Apr 2026, 04:26
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
07 Nov 2019, 23:36
Published
Vulnerability first disclosed
16 Apr 2026, 04:26
Last Modified
Vulnerability information updated
Description
Updated proftpd packages fix security vulnerabilities Updated proftpd package fixes security vulnerabilities: It was discovered that the mod_copy module of ProFTPD, a FTP/SFTP/FTPS server, performed incomplete permission validation for the CPFR/CPTO commands (CVE-2019-12815). It was discovered that due to incorrect handling of overly long commands, a remote unauthenticated user could trigger a denial-of-service by reaching an endless loop (CVE-2019-18217).
Affected Systems
- mageia•proftpd
< 1.3.5e-4.1.mga7