CVE-2017-7418

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-7418
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7418.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-7418
Downstream
Related
Published
2017-04-04T17:59:00Z
Modified
2025-10-21T04:21:04.004308Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
[none]
Details

ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether a user's home directory may contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user.

References

Affected packages

Git / github.com/proftpd/proftpd

Affected ranges

Type
GIT
Repo
https://github.com/proftpd/proftpd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

v1.*

v1.3.5a
v1.3.5b
v1.3.5c
v1.3.5d
v1.3.6rc1
v1.3.6rc2
v1.3.6rc3
v1.3.6rc4

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "59590892394869156023812715275342572760",
                "270386661161684928713681849091493785458",
                "198787703278867517531918267294785723015",
                "208920352700314283701362979671730391202",
                "146578314306666417094527976238207015727",
                "298428603847323147941021401075162180996",
                "61822573162059068004868197233857662159",
                "188890963132065134098107933039954828199",
                "250839359992664586314843329620347729784",
                "323239611206853208171846019450489718947",
                "287588130334373726795145698050641377492",
                "137875203618510821690402191531148384663",
                "287913322549270122854244161650935339067",
                "184005695843898752196320072161682181493",
                "171716236844954466234065946424506747236",
                "198914642754053393492138039271949945751",
                "254170595138499013960913661538959688777",
                "298953937012080739100419252459936484568",
                "53732683892044204321610777113302028805",
                "329986234801673316691730963565413513382",
                "114887498723556956325107821221188505643",
                "137675263573223038146825489290027861793",
                "59185781030408566358554137170749909691",
                "58635136762631682640194131941431873114"
            ]
        },
        "signature_type": "Line",
        "id": "CVE-2017-7418-3f92402e",
        "target": {
            "file": "modules/mod_auth.c"
        },
        "source": "https://github.com/proftpd/proftpd/commit/ecff21e0d0e84f35c299ef91d7fda088e516d4ed",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "digest": {
            "length": 1817.0,
            "function_hash": "213520693192006226101264800265476806204"
        },
        "signature_type": "Function",
        "id": "CVE-2017-7418-8bb34baa",
        "target": {
            "file": "modules/mod_auth.c",
            "function": "get_default_root"
        },
        "source": "https://github.com/proftpd/proftpd/commit/ecff21e0d0e84f35c299ef91d7fda088e516d4ed",
        "deprecated": false
    }
]