{"id":"USN-7297-1","summary":"ProFTPD vulnerabilities","details":"Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that the\ntransport protocol implementation in ProFTPD had weak integrity checks.\nAn attacker could use this vulnerability to bypass security features\nlike encryption and integrity checks. (CVE-2023-48795)\n\nMartin Mirchev discovered that ProFTPD did not properly validate user\ninput over the network. An attacker could use this vulnerability to\ncrash ProFTPD or execute arbitrary code. (CVE-2023-51713)\n\nBrian Ristuccia discovered that ProFTPD incorrectly inherited groups\nfrom the parent process. An attacker could use this vulnerability to\nelevate privileges. (CVE-2024-48651)\n","modified":"2026-04-27T18:02:26.829725894Z","published":"2025-02-25T15:13:53Z","related":["UBUNTU-CVE-2023-48795","UBUNTU-CVE-2023-51713","UBUNTU-CVE-2024-48651"],"upstream":["CVE-2023-48795","CVE-2023-51713","CVE-2024-48651","UBUNTU-CVE-2023-48795","UBUNTU-CVE-2023-51713","UBUNTU-CVE-2024-48651"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7297-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-48795"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-51713"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-48651"}],"affected":[{"package":{"name":"proftpd-dfsg","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/proftpd-dfsg@1.3.6c-2ubuntu0.1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.6c-2ubuntu0.1"}]}],"versions":["1.3.6-6build2","1.3.6c-1","1.3.6c-2"],"ecosystem_specific":{"binaries":[{"binary_name":"proftpd-basic","binary_version":"1.3.6c-2ubuntu0.1"},{"binary_name":"proftpd-mod-geoip","binary_version":"1.3.6c-2ubuntu0.1"},{"binary_name":"proftpd-mod-ldap","binary_version":"1.3.6c-2ubuntu0.1"},{"binary_name":"proftpd-mod-mysql","binary_version":"1.3.6c-2ubuntu0.1"},{"binary_name":"proftpd-mod-odbc","binary_version":"1.3.6c-2ubuntu0.1"},{"binary_name":"proftpd-mod-pgsql","binary_version":"1.3.6c-2ubuntu0.1"},{"binary_name":"proftpd-mod-snmp","binary_version":"1.3.6c-2ubuntu0.1"},{"binary_name":"proftpd-mod-sqlite","binary_version":"1.3.6c-2ubuntu0.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7297-1.json","cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2023-48795"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2023-51713"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-48651"}]}}},{"package":{"name":"proftpd-dfsg","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/proftpd-dfsg@1.3.7c+dfsg-1ubuntu0.1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.7c+dfsg-1ubuntu0.1"}]}],"versions":["1.3.7b+dfsg-1","1.3.7c+dfsg-1build1"],"ecosystem_specific":{"binaries":[{"binary_name":"proftpd-basic","binary_version":"1.3.7c+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-core","binary_version":"1.3.7c+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-crypto","binary_version":"1.3.7c+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-geoip","binary_version":"1.3.7c+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-ldap","binary_version":"1.3.7c+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-mysql","binary_version":"1.3.7c+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-odbc","binary_version":"1.3.7c+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-pgsql","binary_version":"1.3.7c+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-snmp","binary_version":"1.3.7c+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-sqlite","binary_version":"1.3.7c+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-wrap","binary_version":"1.3.7c+dfsg-1ubuntu0.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7297-1.json","cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2023-51713"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-48651"}]}}},{"package":{"name":"proftpd-dfsg","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/proftpd-dfsg@1.3.8.b+dfsg-1ubuntu0.1?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.8.b+dfsg-1ubuntu0.1"}]}],"versions":["1.3.8+dfsg-8","1.3.8.a+dfsg-1","1.3.8.b+dfsg-1","1.3.8.b+dfsg-1build1","1.3.8.b+dfsg-1build2","1.3.8.b+dfsg-1build3"],"ecosystem_specific":{"binaries":[{"binary_name":"proftpd-core","binary_version":"1.3.8.b+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-crypto","binary_version":"1.3.8.b+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-geoip","binary_version":"1.3.8.b+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-ldap","binary_version":"1.3.8.b+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-mysql","binary_version":"1.3.8.b+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-odbc","binary_version":"1.3.8.b+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-pgsql","binary_version":"1.3.8.b+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-snmp","binary_version":"1.3.8.b+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-sqlite","binary_version":"1.3.8.b+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-wrap","binary_version":"1.3.8.b+dfsg-1ubuntu0.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7297-1.json","cves_map":{"ecosystem":"Ubuntu:24.04:LTS","cves":[{"id":"CVE-2024-48651","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]}}}],"schema_version":"1.7.5"}