{"id":"CVE-2017-7418","details":"ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user.","modified":"2026-04-16T06:17:05.020611801Z","published":"2017-04-04T17:59:00.337Z","related":["openSUSE-SU-2019:1836-1","openSUSE-SU-2019:1870-1","openSUSE-SU-2020:0031-1","openSUSE-SU-2024:11196-1"],"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00004.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00022.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/97409"},{"type":"FIX","url":"http://bugs.proftpd.org/show_bug.cgi?id=4295"},{"type":"FIX","url":"https://github.com/proftpd/proftpd/commit/ecff21e0d0e84f35c299ef91d7fda088e516d4ed"},{"type":"FIX","url":"https://github.com/proftpd/proftpd/commit/f59593e6ff730b832dbe8754916cb5c821db579f"},{"type":"FIX","url":"https://github.com/proftpd/proftpd/pull/444/commits/349addc3be4fcdad9bd4ec01ad1ccd916c898ed8"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/proftpd/proftpd","events":[{"introduced":"0"},{"last_affected":"46a4c089eec7dfc9b7c168c98bdb06371eb694ef"},{"introduced":"0"},{"last_affected":"14f155e2f194f75d05a1656d13f4228257ba3091"},{"introduced":"0"},{"last_affected":"39c1e2afdc99df211eb5718a9bfe3d2d11635298"},{"introduced":"0"},{"last_affected":"04d98b231341613fe7d5a8647547150d910a5aea"},{"introduced":"0"},{"last_affected":"7ec4b897ec5bdb243c3989301cb82a4f644fa2e6"},{"introduced":"0"},{"last_affected":"e280a27aae2b8ee5266abec70992cbb607c1bc20"},{"fixed":"ecff21e0d0e84f35c299ef91d7fda088e516d4ed"},{"fixed":"f59593e6ff730b832dbe8754916cb5c821db579f"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.3.5"},{"introduced":"0"},{"last_affected":"1.3.6"},{"introduced":"0"},{"last_affected":"1.3.6-rc1"},{"introduced":"0"},{"last_affected":"1.3.6-rc2"},{"introduced":"0"},{"last_affected":"1.3.6-rc3"},{"introduced":"0"},{"last_affected":"1.3.6-rc4"}]}}],"versions":["v1.3.5a","v1.3.5b","v1.3.5c","v1.3.5d","v1.3.5e","v1.3.6","v1.3.6a","v1.3.6b","v1.3.6c","v1.3.6d","v1.3.6e","v1.3.6rc1","v1.3.6rc2","v1.3.6rc3","v1.3.6rc4"],"database_specific":{"vanir_signatures_modified":"2026-04-11T04:14:43Z","vanir_signatures":[{"source":"https://github.com/proftpd/proftpd/commit/ecff21e0d0e84f35c299ef91d7fda088e516d4ed","digest":{"line_hashes":["59590892394869156023812715275342572760","270386661161684928713681849091493785458","198787703278867517531918267294785723015","208920352700314283701362979671730391202","146578314306666417094527976238207015727","298428603847323147941021401075162180996","61822573162059068004868197233857662159","188890963132065134098107933039954828199","250839359992664586314843329620347729784","323239611206853208171846019450489718947","287588130334373726795145698050641377492","137875203618510821690402191531148384663","287913322549270122854244161650935339067","184005695843898752196320072161682181493","171716236844954466234065946424506747236","198914642754053393492138039271949945751","254170595138499013960913661538959688777","298953937012080739100419252459936484568","53732683892044204321610777113302028805","329986234801673316691730963565413513382","114887498723556956325107821221188505643","137675263573223038146825489290027861793","59185781030408566358554137170749909691","58635136762631682640194131941431873114"],"threshold":0.9},"signature_type":"Line","target":{"file":"modules/mod_auth.c"},"deprecated":false,"signature_version":"v1","id":"CVE-2017-7418-3f92402e"},{"target":{"file":"modules/mod_auth.c","function":"get_default_root"},"digest":{"length":1817,"function_hash":"213520693192006226101264800265476806204"},"signature_type":"Function","source":"https://github.com/proftpd/proftpd/commit/ecff21e0d0e84f35c299ef91d7fda088e516d4ed","deprecated":false,"signature_version":"v1","id":"CVE-2017-7418-8bb34baa"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7418.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}]}