Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. This has security implications because of overriding security-related configuration. This issue doesn't affect upstream version of pure-ftpd.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1493114 | Issue Tracking Tool Signature VDB Entry |
https://bugzilla.redhat.com/show_bug.cgi?id=1493114 | Issue Tracking Tool Signature VDB Entry |
Configurations
History
21 Nov 2024, 03:08
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugzilla.redhat.com/show_bug.cgi?id=1493114 - Issue Tracking, Tool Signature, VDB Entry |
Information
Published : 2017-09-21 21:29
Updated : 2024-11-21 03:08
NVD link : CVE-2017-12170
Mitre link : CVE-2017-12170
CVE.ORG link : CVE-2017-12170
JSON object : View
Products Affected
fedoraproject
- fedora
pureftpd
- pure-ftpd
CWE