Vulnerability CVE-2017-12170

Vulnerability CVE-2017-12170

Published: 2017-09-21

Description:

Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. This has security implications because of overriding security-related configuration. This issue doesn't affect upstream version of pure-ftpd.

Type:

CWE-noinfo

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.5/10	6.4/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Pureftpd -> Pure-ftpd
Fedoraproject -> Fedora

References:

https://bugzilla.redhat.com/show_bug.cgi?id=1493114

Copyright 2020, cxsecurity.com