Oval Definition: oval:org.opensuse.security:def:20177418
Revision Date: 2022-06-30
Version: 1
Title: CVE-2017-7418
Description:

ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user.
Family: unix
Class: vulnerability
Status:
Reference(s): CVE-2017-7418
openSUSE-SU-2017:1035-1
openSUSE-SU-2019:1836-1
openSUSE-SU-2019:1870-1
openSUSE-SU-2020:0031-1
Mitre CVE-2017-7418
SUSE CVE-2017-7418
Platform(s): openSUSE Leap 15.0
openSUSE Leap 15.1
openSUSE Leap 42.1
openSUSE Leap 42.2
openSUSE Tumbleweed
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise High Performance Computing 15 SP1
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Storage 6
SUSE Manager Proxy 4.0
SUSE Manager Server 4.0
SUSE Package Hub for SUSE Linux Enterprise 15
SUSE Package Hub for SUSE Linux Enterprise 15 SP1
Product(s):
Definition Synopsis
  • openSUSE Leap 42.2 is installed
  • AND Package Information
  • proftpd-1.3.5d-6.3.1 is installed
  • AND proftpd is signed with openSUSE key
  • OR
  • proftpd-devel-1.3.5d-6.3.1 is installed
  • AND proftpd-devel is signed with openSUSE key
  • OR
  • proftpd-doc-1.3.5d-6.3.1 is installed
  • AND proftpd-doc is signed with openSUSE key
  • OR
  • proftpd-lang-1.3.5d-6.3.1 is installed
  • AND proftpd-lang is signed with openSUSE key
  • OR
  • proftpd-ldap-1.3.5d-6.3.1 is installed
  • AND proftpd-ldap is signed with openSUSE key
  • OR
  • proftpd-mysql-1.3.5d-6.3.1 is installed
  • AND proftpd-mysql is signed with openSUSE key
  • OR
  • proftpd-pgsql-1.3.5d-6.3.1 is installed
  • AND proftpd-pgsql is signed with openSUSE key
  • OR
  • proftpd-radius-1.3.5d-6.3.1 is installed
  • AND proftpd-radius is signed with openSUSE key
  • OR
  • proftpd-sqlite-1.3.5d-6.3.1 is installed
  • AND proftpd-sqlite is signed with openSUSE key
  • Definition Synopsis
  • openSUSE Leap 42.1 is installed
  • AND Package Information
  • proftpd-1.3.5d-7.1 is installed
  • AND proftpd is signed with openSUSE key
  • OR
  • proftpd-devel-1.3.5d-7.1 is installed
  • AND proftpd-devel is signed with openSUSE key
  • OR
  • proftpd-doc-1.3.5d-7.1 is installed
  • AND proftpd-doc is signed with openSUSE key
  • OR
  • proftpd-lang-1.3.5d-7.1 is installed
  • AND proftpd-lang is signed with openSUSE key
  • OR
  • proftpd-ldap-1.3.5d-7.1 is installed
  • AND proftpd-ldap is signed with openSUSE key
  • OR
  • proftpd-mysql-1.3.5d-7.1 is installed
  • AND proftpd-mysql is signed with openSUSE key
  • OR
  • proftpd-pgsql-1.3.5d-7.1 is installed
  • AND proftpd-pgsql is signed with openSUSE key
  • OR
  • proftpd-radius-1.3.5d-7.1 is installed
  • AND proftpd-radius is signed with openSUSE key
  • OR
  • proftpd-sqlite-1.3.5d-7.1 is installed
  • AND proftpd-sqlite is signed with openSUSE key
  • Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • proftpd-1.3.5e-lp150.2.3 is installed
  • AND proftpd is signed with openSUSE key
  • OR
  • proftpd-devel-1.3.5e-lp150.2.3 is installed
  • AND proftpd-devel is signed with openSUSE key
  • OR
  • proftpd-doc-1.3.5e-lp150.2.3 is installed
  • AND proftpd-doc is signed with openSUSE key
  • OR
  • proftpd-lang-1.3.5e-lp150.2.3 is installed
  • AND proftpd-lang is signed with openSUSE key
  • OR
  • proftpd-ldap-1.3.5e-lp150.2.3 is installed
  • AND proftpd-ldap is signed with openSUSE key
  • OR
  • proftpd-mysql-1.3.5e-lp150.2.3 is installed
  • AND proftpd-mysql is signed with openSUSE key
  • OR
  • proftpd-pgsql-1.3.5e-lp150.2.3 is installed
  • AND proftpd-pgsql is signed with openSUSE key
  • OR
  • proftpd-radius-1.3.5e-lp150.2.3 is installed
  • AND proftpd-radius is signed with openSUSE key
  • OR
  • proftpd-sqlite-1.3.5e-lp150.2.3 is installed
  • AND proftpd-sqlite is signed with openSUSE key
  • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • proftpd-1.3.6b-lp151.3.6 is installed
  • AND proftpd is signed with openSUSE key
  • OR
  • proftpd-devel-1.3.6b-lp151.3.6 is installed
  • AND proftpd-devel is signed with openSUSE key
  • OR
  • proftpd-doc-1.3.6b-lp151.3.6 is installed
  • AND proftpd-doc is signed with openSUSE key
  • OR
  • proftpd-lang-1.3.6b-lp151.3.6 is installed
  • AND proftpd-lang is signed with openSUSE key
  • OR
  • proftpd-ldap-1.3.6b-lp151.3.6 is installed
  • AND proftpd-ldap is signed with openSUSE key
  • OR
  • proftpd-mysql-1.3.6b-lp151.3.6 is installed
  • AND proftpd-mysql is signed with openSUSE key
  • OR
  • proftpd-pgsql-1.3.6b-lp151.3.6 is installed
  • AND proftpd-pgsql is signed with openSUSE key
  • OR
  • proftpd-radius-1.3.6b-lp151.3.6 is installed
  • AND proftpd-radius is signed with openSUSE key
  • OR
  • proftpd-sqlite-1.3.6b-lp151.3.6 is installed
  • AND proftpd-sqlite is signed with openSUSE key
  • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • proftpd-1.3.6e-1.10 is installed
  • OR proftpd-devel-1.3.6e-1.10 is installed
  • OR proftpd-doc-1.3.6e-1.10 is installed
  • OR proftpd-lang-1.3.6e-1.10 is installed
  • OR proftpd-ldap-1.3.6e-1.10 is installed
  • OR proftpd-mysql-1.3.6e-1.10 is installed
  • OR proftpd-pgsql-1.3.6e-1.10 is installed
  • OR proftpd-radius-1.3.6e-1.10 is installed
  • OR proftpd-sqlite-1.3.6e-1.10 is installed
  • Definition Synopsis
  • SUSE Package Hub for SUSE Linux Enterprise 15 SP1 is installed
  • AND Package Information
  • proftpd-1.3.6b-bp151.4.6.2 is installed
  • OR proftpd-devel-1.3.6b-bp151.4.6.2 is installed
  • OR proftpd-doc-1.3.6b-bp151.4.6.2 is installed
  • OR proftpd-lang-1.3.6b-bp151.4.6.2 is installed
  • OR proftpd-ldap-1.3.6b-bp151.4.6.2 is installed
  • OR proftpd-mysql-1.3.6b-bp151.4.6.2 is installed
  • OR proftpd-pgsql-1.3.6b-bp151.4.6.2 is installed
  • OR proftpd-radius-1.3.6b-bp151.4.6.2 is installed
  • OR proftpd-sqlite-1.3.6b-bp151.4.6.2 is installed
  • Definition Synopsis
  • Release Information
  • SUSE Package Hub for SUSE Linux Enterprise 15 SP1 is installed
  • AND
  • proftpd-1.3.6b-bp151.4.6.2 is installed
  • OR proftpd-devel-1.3.6b-bp151.4.6.2 is installed
  • OR proftpd-doc-1.3.6b-bp151.4.6.2 is installed
  • OR proftpd-lang-1.3.6b-bp151.4.6.2 is installed
  • OR proftpd-ldap-1.3.6b-bp151.4.6.2 is installed
  • OR proftpd-mysql-1.3.6b-bp151.4.6.2 is installed
  • OR proftpd-pgsql-1.3.6b-bp151.4.6.2 is installed
  • OR proftpd-radius-1.3.6b-bp151.4.6.2 is installed
  • OR proftpd-sqlite-1.3.6b-bp151.4.6.2 is installed
  • OR Package Information
  • SUSE Package Hub for SUSE Linux Enterprise 15 is installed
  • AND
  • proftpd-1.3.6b-bp150.3.6.1 is installed
  • OR proftpd-devel-1.3.6b-bp150.3.6.1 is installed
  • OR proftpd-doc-1.3.6b-bp150.3.6.1 is installed
  • OR proftpd-lang-1.3.6b-bp150.3.6.1 is installed
  • OR proftpd-ldap-1.3.6b-bp150.3.6.1 is installed
  • OR proftpd-mysql-1.3.6b-bp150.3.6.1 is installed
  • OR proftpd-pgsql-1.3.6b-bp150.3.6.1 is installed
  • OR proftpd-radius-1.3.6b-bp150.3.6.1 is installed
  • OR proftpd-sqlite-1.3.6b-bp150.3.6.1 is installed