CVE-2017-12170
6 documents, 5 sources
Severity
9.8 CRITICAL
EPSS
0.3%
top 44.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Sep 21
Latest update: May 13
Description
Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to a packaging error due to which the original configuration was ignored after an update and the service started running with the default configuration. This has security implications because security-related configuration is overridden. This issue doesn't affect the upstream version of pure-ftpd.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9
Affected Packages: 2 packages
Also affects: Fedora 26, 27
Vulnerability Details (2)
Vendor Advisories (1)
Debian
CVE-2017-12170: pure-ftpd - Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to ... (2017)