CVE-2017-12170

Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. This has security implications because of overriding security-related configuration. This issue doesn't affect upstream version of pure-ftpd.

Published: Sep 21, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-12170
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
pureftpd / pure-ftpd	1.0.46-1	1.0.46-1.x
fedoraproject / fedora	26	26.x
fedoraproject / fedora	27	27.x

https://bugzilla.redhat.com/show_bug.cgi?id=1493114

Vulnerability Database

289,599

CVE-2017-12170