Vulnerability-Lookup - Search a vulnerability

Vulnerabilites related to Red Hat, Inc. - pure-ftpd

cve-2017-12170

Vulnerability from cvelistv5

Published

2017-09-21 20:00

Modified

2024-08-05 18:28

Severity ?

Summary

Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. This has security implications because of overriding security-related configuration. This issue doesn't affect upstream version of pure-ftpd.

References

▼	URL	Tags
	https://bugzilla.redhat.com/show_bug.cgi?id=1493114	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

Red Hat, Inc.

pure-ftpd

Version: Fedora downstream version pure-ftpd-1.0.46-1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:28:16.541Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493114"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "pure-ftpd",
          "vendor": "Red Hat, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "Fedora downstream version pure-ftpd-1.0.46-1"
            }
          ]
        }
      ],
      "datePublic": "2017-08-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. This has security implications because of overriding security-related configuration. This issue doesn\u0027t affect upstream version of pure-ftpd."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "unsafe configuration",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-21T19:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493114"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2017-12170",
    "datePublished": "2017-09-21T20:00:00Z",
    "dateReserved": "2017-08-01T00:00:00",
    "dateUpdated": "2024-08-05T18:28:16.541Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}