Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. This has security implications because of overriding security-related configuration. This issue doesn't affect upstream version of pure-ftpd.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1493114 | Issue Tracking Tool Signature VDB Entry |
Configurations
History
No history.
Information
Published : 2017-09-21 21:29
Updated : 2024-02-28 16:04
NVD link : CVE-2017-12170
Mitre link : CVE-2017-12170
CVE.ORG link : CVE-2017-12170
JSON object : View
Products Affected
pureftpd
- pure-ftpd
fedoraproject
- fedora
CWE