USN-7297-1: ProFTPD vulnerabilities
Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that the transport protocol implementation in ProFTPD had weak integrity checks. An attacker could use this vulnerability to bypass security features like encryption and integrity checks. (CVE-2023-48795)

Martin Mirchev discovered that ProFTPD did not properly validate user input over the network. An attacker could use this vulnerability to crash ProFTPD or execute arbitrary code. (CVE-2023-51713)

Brian Ristuccia discovered that ProFTPD incorrectly inherited groups from the parent process. An attacker could use this vulnerability to elevate privileges. (CVE-2024-48651)
Frequently Asked Questions
What is the severity of USN-7297-1?
The USN-7297-1 vulnerability has a high severity due to its potential to allow attackers to bypass security features.
How do I fix USN-7297-1?
To fix USN-7297-1, you should update ProFTPD to the latest version mentioned in the advisory.
What systems are affected by USN-7297-1?
USN-7297-1 affects ProFTPD on Ubuntu systems, including Ubuntu 24.10, 24.04, 22.04, and 20.04.
What type of attack can USN-7297-1 facilitate?
USN-7297-1 can facilitate attacks that exploit weak integrity checks in the transport protocol of ProFTPD.
Who discovered the USN-7297-1 vulnerability?
The USN-7297-1 vulnerability was discovered by researchers Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk.