Vulnerability CVE-2017-7418

Vulnerability Name:

CVE-2017-7418 (CCN-126184)

Assigned:

2017-04-04

Published:

2017-04-04

Updated:

2019-08-08

Summary:

ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user.

CVSS v3 Severity:

5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
3.5 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-59

Vulnerability Consequences:

Bypass Security

References:

Source: CCN
Type: ProFTPD Bugzilla Bug 4295
AllowChrootSymlinks off does not check entire DefaultRoot path for symlinks

Source: CONFIRM
Type: Issue Tracking, Patch
http://bugs.proftpd.org/show_bug.cgi?id=4295

Source: MITRE
Type: CNA
CVE-2017-7418

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2019:1836

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2019:1870

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2020:0031

Source: BID
Type: Third Party Advisory, VDB Entry
97409

Source: CCN
Type: BID-97409
ProFTPD CVE-2017-7418 Local Security Bypass Vulnerability

Source: XF
Type: UNKNOWN
proftpd-cve20177418-sec-bypass(126184)

Source: CONFIRM
Type: Issue Tracking, Patch, Third Party Advisory
https://github.com/proftpd/proftpd/commit/ecff21e0d0e84f35c299ef91d7fda088e516d4ed

Source: CONFIRM
Type: Issue Tracking, Patch, Third Party Advisory
https://github.com/proftpd/proftpd/commit/f59593e6ff730b832dbe8754916cb5c821db579f

Source: CONFIRM
Type: Issue Tracking, Patch, Third Party Advisory
https://github.com/proftpd/proftpd/pull/444/commits/349addc3be4fcdad9bd4ec01ad1ccd916c898ed8

Vulnerable Configuration:

Configuration 1:

cpe:/a:proftpd:proftpd:*:d:*:*:*:*:*:* (Version <= 1.3.5)

OR cpe:/a:proftpd:proftpd:1.3.6:*:*:*:*:*:*:*

OR cpe:/a:proftpd:proftpd:1.3.6:rc1:*:*:*:*:*:*

OR cpe:/a:proftpd:proftpd:1.3.6:rc2:*:*:*:*:*:*

OR cpe:/a:proftpd:proftpd:1.3.6:rc3:*:*:*:*:*:*

OR cpe:/a:proftpd:proftpd:1.3.6:rc4:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:proftpd:proftpd:1.3.5d:*:*:*:*:*:*:*

OR cpe:/a:proftpd:proftpd:1.3.6:*:*:*:*:*:*:*

OR cpe:/a:proftpd:proftpd:1.3.6:rc1:*:*:*:*:*:*

OR cpe:/a:proftpd:proftpd:1.3.6:rc2:*:*:*:*:*:*

OR cpe:/a:proftpd:proftpd:1.3.6:rc3:*:*:*:*:*:*

OR cpe:/a:proftpd:proftpd:1.3.6:rc4:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20177418	V	CVE-2017-7418	2022-06-30
oval:org.opensuse.security:def:113176	P	proftpd-1.3.6e-1.10 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:74757	P	Security update for go1.17 (Moderate)	2021-12-23
oval:org.opensuse.security:def:93432	P	(Moderate)	2021-12-06
oval:org.opensuse.security:def:106598	P	proftpd-1.3.6e-1.10 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:63192	P	apache2-2.4.33-3.15.1 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:64570	P	Security update for java-11-openjdk (Important)	2021-09-03
oval:org.opensuse.security:def:74307	P	Security update for ffmpeg (Important)	2021-09-02
oval:org.opensuse.security:def:93576	P	(Moderate)	2021-08-23
oval:org.opensuse.security:def:63418	P	tomcat-9.0.36-3.24.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63461	P	vpx-tools-1.6.1-6.6.8 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:62762	P	imlib2-loaders-1.4.10-1.28 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62755	P	gstreamer-plugins-bad-1.16.2-7.22 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62759	P	hplip-3.20.11-2.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62787	P	libgypsy-devel-0.9-2.30 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62852	P	dpkg-1.19.0.4-2.30 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:100289	P	(Moderate)	2021-06-04
oval:org.opensuse.security:def:64512	P	Security update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly (Important)	2021-06-01
oval:org.opensuse.security:def:64682	P	Security update for avahi (Moderate)	2021-05-04
oval:org.opensuse.security:def:74624	P	Security update for spamassassin (Important)	2021-04-13
oval:org.opensuse.security:def:63258	P	dhcp-relay-4.3.5-6.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62373	P	podman-1.0.1-2.20 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63608	P	argyllcms-1.9.2-2.27 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62573	P	libpango-1_0-0-32bit-1.40.14-3.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62372	P	docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.15.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63054	P	libnss_slurm2-20.02.3-1.7 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62965	P	log4j12-javadoc-1.2.17-2.26 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62396	P	bluez-5.48-3.7 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:64241	P	dracut on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64303	P	libXfont2-2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64166	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:63985	P	Security update for systemd (Important)	2020-12-01
oval:org.opensuse.security:def:64129	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:63879	P	Security update for libssh2_org (Moderate)	2020-12-01
oval:org.opensuse.security:def:74181	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:64410	P	libykcs11-1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:63837	P	Security update for clamav (Moderate)	2020-12-01
oval:org.opensuse.security:def:64302	P	libXfont-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64087	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:63745	P	Security update for libsolv, libzypp, zypper (Moderate)	2020-12-01
oval:org.opensuse.security:def:110419	P	Security update for proftpd (Moderate)	2020-01-13
oval:org.opensuse.security:def:100145	P	Security update for proftpd (Important)	2019-08-14
oval:org.opensuse.security:def:109931	P	Security update for proftpd (Important)	2019-08-08
oval:com.ubuntu.cosmic:def:201774180000000	V	CVE-2017-7418 on Ubuntu 18.10 (cosmic) - medium.	2017-04-04
oval:com.ubuntu.artful:def:20177418000	V	CVE-2017-7418 on Ubuntu 17.10 (artful) - untriaged.	2017-04-04
oval:com.ubuntu.trusty:def:20177418000	V	CVE-2017-7418 on Ubuntu 14.04 LTS (trusty) - medium.	2017-04-04
oval:com.ubuntu.bionic:def:201774180000000	V	CVE-2017-7418 on Ubuntu 18.04 LTS (bionic) - medium.	2017-04-04
oval:com.ubuntu.bionic:def:20177418000	V	CVE-2017-7418 on Ubuntu 18.04 LTS (bionic) - medium.	2017-04-04
oval:com.ubuntu.xenial:def:20177418000	V	CVE-2017-7418 on Ubuntu 16.04 LTS (xenial) - medium.	2017-04-04
oval:com.ubuntu.xenial:def:201774180000000	V	CVE-2017-7418 on Ubuntu 16.04 LTS (xenial) - medium.	2017-04-04
oval:com.ubuntu.cosmic:def:20177418000	V	CVE-2017-7418 on Ubuntu 18.10 (cosmic) - medium.	2017-04-04
oval:com.ubuntu.disco:def:201774180000000	V	CVE-2017-7418 on Ubuntu 19.04 (disco) - medium.	2017-04-04
oval:com.ubuntu.precise:def:20177418000	V	CVE-2017-7418 on Ubuntu 12.04 LTS (precise) - untriaged.	2017-04-04

BACK