CVE-2017-12170

Published: Sep 21, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. This has security implications because of overriding security-related configuration. This issue doesn't affect upstream version of pure-ftpd.

Affected (3)

Products: Pureftpd: Pure Ftpd · Fedoraproject: Fedora

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pureftpd Pure Ftpd	Version 1.0.46-1

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 26
Fedoraproject Fedora	Version 27

References (2)

https://bugzilla.redhat.com/show_bug.cgi?id=1493114

Source: secalert@redhat.com

Issue TrackingTool SignatureVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1493114

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingTool SignatureVDB Entry

Timeline

No history available yet.